Personal cryptoprotective complex

ABSTRACT

The invention relates to information protection and user identification. The technical result consists in functionality enhancement including: information encryption and decryption; electronic document authentication using an electronic digital signature; protection of electronic documents against copying, exchange of copy-protected electronic documents; settlements by means of electronic payment facilities; protection of software and databases against unauthorized copying. The inventive personal cryptoprotective complex comprises a code-carrying medium in the form of a cassette for protection of cryptographic data and a terminal device for communications with peripheral devices such as a personal computer, a telephone and a card reader. The cassettes for personal cryptoprotective complexes are embodied such that they have a unified architecture, common software and an identical secret mother code. A protective sheath of the cassette has light-reflective surfaces. A program for monitoring the integrity of the protective sheath destroys the mother code in case of an authorized access. A data processing program checks the inputted open information for presence of service symbols therein which are used as a most important tool for carrying out different cryptographic operations. Individual data of a user, including the electronic digital signature thereof, is recorded in a ROM. The inventive cryptoprotective complex comprises a user identification device in the form of an identification wristband that stores single-use access passwords.

FIELD OF THE INVENTION

The invention relates to provision of information protection and isintended for storage of access codes, keys and passwords, for useridentification, for safe information exchange on open communicationchannels, for safe realization of various settlements in electronicmoney and their substitutes, for conclusion of electronic transactionsand creation of electronic documents confirmed with electronicsignatures without use of asymmetric keys, for protection of computerprograms and databases against non-authorized copying, for safetransmission and exchange of electronic documents with protectionagainst copying.

BACKGROUND OF THE INVENTION

Devices for user identification by means of a plastic card containing amicrochip and an access code inputted by a user for access to protectedobjects are widely known. Their disadvantage is the necessity each timeto input the access code, and when the card is intended for access tovarious objects which were not connected to each other, it is necessaryfor a user to remember some various access codes.

Also known is a device for safe information storage on a chip in which amicroprocessor, buses and a memory are combined. The disadvantage ofsuch a design is that one can scan information from a chip using aspecial electronic probe. The attacks based on breakup of data storagehardware by a laser beam and on a method of ion analysis also may beused.

Systems for encryption by means of asymmetric keys, based on use ofconfidential and public keys, and also on difficulty of inversion ofunilateral functions, are known. The disadvantage of such systems isthat the volume of a cryptogram considerably exceeds the volume ofinitial information. Assigned to the disadvantages also may be aconstantly decreasing cryptoresistance of the present systems owing tocreation of high-speed computers united in a network, and themathematical methods facilitating the decryption process, while increasein a length of a key to improve the cryptoresistance of an algorithmresults in delay of encryption and decryption processes and requiresconsumption of significant computing facilities.

Systems intended for encryption by means of symmetrical keys and basedon methods of repeated replacement and permutation of information itemsare known. The disadvantage of such systems is the necessity of secretkey exchange before a cryptoprotective communication session, whichmakes their interception possible. Besides, knowing a fragment ofinitial information and its cryptogram, it is easy to calculate a key,while increase in a length of a key to improve the cryptoresistance ofan algorithm will result in delay of encryption and decryptionprocesses. Another substantial disadvantage of such encryption system isthat if more than two users have a key, all owners of the key maydecrypt information designed to one user.

Known is a method for authentication of electronic documents by theirhashing and encrypting a hashing value by means of a secret key of aperson signed a document, said key being decrypted by an open key of thepresent person. The disadvantage of such method consists in that, inorder to identify an electronic digital signature, a user should knowthat the open key really belongs to the person on behalf of whom thedocument was signed. Besides, in order to identify a date of signing thedocument, it is necessary to carry out certification of the date throughspecial certification centers by means of Internet. Application of theelectronic signature requires organization of a trust certifying center.

Known is a device that is a smart card comprising a microchip used forsettlements by carrying out transactions with use of communicationlinks. The disadvantages of the present device and the settlement methodused thereon are: the necessity for a bank to take part in alloperations of a smart card user permanently, that requires the presenceof a network of terminals connected to communication links; a usershould each time input his or her PIN code, and the user has to reportsaid PIN code to a seller for calculations through the Internet. Userscannot make settlements among themselves directly. The bank may traceall operations of the smart card user and his or her location at themoment of execution of operation.

Known is a method of using asymmetric encryption systems for settlementsin electronic cash: electronic banknotes and coins. The disadvantage ofthe present method is that the same electronic banknote or coin may bespent several times. The electronic coin may circulate a limitedquantity of times because data of all of its former owners is recordedin view of safety. Banks limit use of the sum of electronic cash on onesmart card in view of safety as well.

Known is a device that is an electronic key containing microchip inwhich an access code for using a computer program is recorded, said keybeing intended for protection of the program against illegal copying.The disadvantage of the present device is that the electronic key isintended only for one program; besides, there are methods for creatingemulators of an electronic key, which makes it possible to copy computerprograms in a non-authorized way.

The closest similar prior art solution is a system of distributed keysbased on intellectual cryptographic cards known as PC Cards including aprotective brand, a microprocessor and a nonvolatile memory in whichkeys are recorded, unique for each card. The microprocessor carries outencryption and decryption according to an algorithm recorded in thememory of the card. To carry out cryptographic operations, the card isinserted in a special connector in a computer whereupon a user inputs apassword and identification data that give access to a card. Then usersmake an exchange of open keys and develop a temporary symmetrical key ofa session, which may be a dynamic key and using which the encryption anddecryption of information is carried out. The fundamental disadvantageof the present systems consists in that the card cannot determine anobject with which the cryptoprotective communication is established,because a user may reproduce algorithm of operation of PC cards on acommon computer, and the user can use a set of random numbers of anecessary size as keys, since keys recorded in PC cards of one user arenot known to PC cards of other users, and it is impossible to establishthe substitution of keys. Because of the present disadvantage, PC cardscannot be used for fulfillment of various functions based on trust to asource of information. Besides, such cards as PC cards have no enoughreliable physical protection against scanning information from a chip.

DISCLOSURE OF THE INVENTION

It is a problem of the present invention to provide a multifunctionaluniversal cryptoprotective complex convenient in application,inexpensive in manufacture, having a high degree of physical and logicprotection and a high speed of data processing. The technical resultaccomplished by the invention consists in expansion of functionalitiesof the cryptoprotective complex which provides effective fulfillment ofsuch functions as: encryption and decryption of information during itstransmission from one user to another; encryption and decryption ofelectronic documents using a decryption password with the possibility ofdecryption by any user of a personal cryptoprotective device, who knowsa decryption password; encryption and decryption of electronic documentswith protection against obtrusion of false information and modificationmaking; authentication of electronic documents by signing with anelectronic digital signature of a user; identification of a user;protection of electronic documents against copying by analogy todocuments on a paper medium having protection against the counterfeit;the possibility of a simultaneous exchange of copy-protected electronicdocuments; the possibility for various users to sign an electronicdocument with their electronic signatures simultaneously; settlements inelectronic cash and electronic bills between different users; thepossibility for converting electronic cash and electronic bills intoelectronic money of various payment systems; protection of computerprograms and databases against non-authorized copying.

Said results according to the invention are accomplished by acombination of devices and methods combined in a personalcryptoprotective complex consisting of a code-carrying medium that is acassette using which cryptographic information protection is carriedout, and a terminal device by means of which communication of thecassette with the outside world is carried out. The cassette has aninput/output port for open information and an input/output port forencrypted information that is connected by a user to the terminal devicewith similar ports. The terminal device may be connected to a personalcomputer, to a telephone, to a card reader. One cassette is connected toother cassette by means of terminal devices and a communication linkthrough input/output port for encrypted information. Information fromand for a user is transmitted through the input/output port for openinformation, respectively.

Cassettes of all personal cryptoprotective complexes have a unifiedarchitecture, common software and an identical secret mother code thatis a set of random numbers (M1, M2, . . . , MN) recorded into saiddevices in a protected way excluding the possibility of copying themother code onto other media and variations of a program code ofsoftware. The software and the mother code should be recorded to amemory of cassettes by special recorders that operate in the off-linemode and cannot be accessed from the outside, and the mother code beingthe basis to establish a cryptoprotective session should be generatedusing a hardware generator of random numbers directly in a centralrecorder. The software is recorded to a ROM of the cassette, and themother code is recorded to a volatile memory such as CMOS powered from abuilt-in accumulator battery. Powered from the present battery are alsoa built-in real-time non-adjustable clock playing an important role in anumber of operations, and a protective sheath into which the cassette ispacked and which prevents extraction of information from the cassette,said information containing data of the mother code.

The protective sheath consists of an external casing sheath, an externallight-reflecting surface, an internal light-reflecting surface, and atransparent layer located between the light-reflecting surfaces. The twolight-reflecting surfaces also face each other. There are alight-emitting diode and several photocells on internal light-reflectingsurfaces. A program for testing integrity of the protective sheath, asincluded in the software, tests the supply of power pulses from theaccumulator battery to the light-emitting diode and the reception ofpower-information pulses from each photocell, and when characteristicsof the power-information pulses vary, said program destructs the mothercode. To execute operations, the cassette includes a microprocessor, aRAM, a random-number generator. For recording information, the cassetteis provided with a multiple writable PROM. The structure of the softwarerecorded in the ROM includes an encryption/decryption program, aninformation-processing program, and an individual number of a personalcryptoprotective complex. The feature of the encryption/decryptionprogram is that the knowledge of initial and encrypted information doesnot entail a representation about a key to be used, that is, a mothercode, and any information is encrypted using at least one random numbergenerated before the beginning of encryption by the built-inrandom-number generator. The feature of the information processingprogram consists in that the program checks an incoming open informationfor presence of certain bit sets—so-called service symbols—therein, andprevents inclusion of said symbols into a decrypted electronic documentsat the presence of said symbols in a falsified electronic document. Theinclusion of service symbols in the encrypted electronic document isexclusively a prerogative of the information-processing program. Servicesymbols are the major instrument in fulfillment of various cryptographicoperations that allow determination of service information in theelectronic document. Besides, functions of the information-processingprogram are closed for a user, therefore, user's commands incorrect fromthe viewpoint of the program are ignored, while the commands entered ina structure of service information are always received for execution bythe program. Recorded in the ROM are also personal data of a user,including his or her electronic digital signature. The present record ismade after purchase of a personal cryptoprotective complex by the user,wherein this record is made by an official registering clerk withsimultaneous registration of this information, including an individualnumber of a personal cryptoprotective complex, to an open database.

Further, the structure of the personal cryptoprotective complex includesa user identification device—an identification wristband equipped withlatches having fixation sensors, a lead for connection to the terminaldevice, and a device for automatic replacement of the accumulator. Theidentification wristband serves for storage of single-use accesspasswords that are automatically deleted in removal of the wristband,and provides convenient and fast identification of a user when he or shefulfils cryptoprotective operations.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosed group of inventions will now be explained with referenceto drawings, in which:

FIG. 1 is an personal cryptoprotective complex;

FIG. 2 is a diagram of a cassette arrangement of the personalcryptoprotective complex;

FIG. 3 is a functional diagram of a protective sheath;

FIG. 4 is a functional diagram for establishment of a cryptoprotectivesession:

FIG. 4, a), shows the exchange of random numbers Z and Z*;

FIG. 4, b), shows the record of random numbers Z and Z* in a RAM;

FIG. 4, c), shows the derivation of a resulting number X from thenumbers Z and Z*;

FIG. 4, d), shows the derivation of a dynamically transformable daughtercode from a number X and numbers M_(n);

FIG. 4, e) shows the synchronous transformation of the dynamicallytransformable daughter code in personal cryptoprotective complexes ofthe two users, and also the encryption, transmission, and decryption ofinformation;

FIG. 5 is a functional diagram for transmission of an encrypted message:

FIG. 5, a) shows a user A who inputs an individual number “I” of apersonal cryptoprotective complex (ICPC) of an addressee to own ICPC;

FIG. 5, b), shows the derivation of a resulting number X from numbers Zand I;

FIG. 5, c), shows the user A who encrypts and sends an electronic lettertogether with the number Z;

FIG. 5, d) shows the addressee who inputs the received number Z to ownICPC and derives the resulting number X using own number I;

FIG. 5, e), shows the addressee who inputs the decrypted electronicletter and obtains its original text;

FIG. 6 is a functional diagram for generating an electronic documentwith a decryption password:

FIG. 6, a), shows the generation of the electronic document with thedecryption password;

FIG. 6, b) shows the input of a command to decrypt the electronicdocument;

FIG. 6, c), shows the decryption of service information of theelectronic document and the comparison of decryption passwords;

FIG. 6, d) shows the decryption of the electronic document and theoutput of the initial text to a user;

FIG. 7 is a functional diagram for generation of an electronic documentwhere service information presents, and for protection against obtrusionof false information:

FIG. 7, a), shows the generation of the electronic document with serviceinformation;

FIG. 7, b) shows the recognition of service information by means ofservice symbols in decryption of the electronic document, and the outputof service information together with service symbols to a user;

FIG. 7, c), shows the falsification of the electronic document byinclusion of service information and service symbols in the text beforethe encryption;

FIG. 7, d) shows the recognition and removal of service symbols togetherwith the falsified service information from the text in decryption ofthe electronic document;

FIG. 8 is a functional diagram for generation of an electronic documentwhere an electronic digital signature of an ICPC user presents:

FIG. 8, a), shows the ICPC that outputs a user identification request inresponse to a user's command to sign the electronic document;

FIG. 8, b), shows the input of the electronic document automaticallyadded with an electronic signature of a user, a signing time and dateand an individual number of a user's ICPC, after input of useridentification data;

FIG. 8, c), shows the output of the electronic signature to the userafter decryption of the electronic document, said signature includingthe signing date and time and the individual number of the user's ICPCtogether with service symbols that allow authentication of theelectronic signature in the present electronic document;

FIG. 9 is a functional diagram for three-step transmission of theelectronic document with protection against copying:

FIG. 9, a), shows the transmission of the electronic document from oneICPC to another, wherein the electronic document is disabled in the twoICPCs for a specified time period T1;

FIG. 9, b), shows the sending of an electronic-document-loadingacknowledgement password in response to the reception of the electronicdocument, wherein an electronic document disabling time in the two ICPCsis changed for T2;

FIG. 9, c), shows the sending an electronic-document-transmissionacknowledgement password in response to the receivedelectronic-document-loading acknowledgement password, wherein thedisabled electronic document in a sender's ICPC is deleted from thememory, and the electronic document in a recipient's ICPC is enabled;

FIG. 10 shows a functional diagram for protection of a computer programagainst copying:

FIG. 10, a) shows the transmission of a decryption password from oneICPC to another, wherein a decryption password is disabled in the twoICPCs for a specified time period T1;

FIG. 10, b), shows the sending of a decryption-password-loadingacknowledgement password in response to the reception of the decryptionpassword, wherein a decryption password disabling time in the two ICPCsis changed for T2;

FIG. 10, c) shows the sending of a decryption-password-transmissionacknowledgement password in response to the receiveddecryption-password-loading acknowledgement password, wherein thedisabled decryption password in a sender's ICPC is deleted from thememory, and the decryption password in a recipient's ICPC is enabled;

FIG. 10, d), shows the processing of a computer program using theenabled decryption password;

FIG. 11 is a functional diagram for transmission of a decryptionpassword for a computer program on an independent medium:

FIG. 11, a), shows the input of a command and information to record apassword onto the independent medium into a ICPC in order to perform thesubsequent transmission to another ICPC;

FIG. 11, b) shows the transmission of the password in the encrypted formto the independent medium, and the automatic deletion of said passwordfrom a memory of the ICPC;

FIG. 11, c) shows the sending of the encrypted password to a recipient'sICPC where collation with a current date and an individual number of theICPC is made, and in case of positive result, the decrypted password isrecorded to the PROM, but without a right to transmit before theexpiration of a date indicated in service information;

FIG. 11, d) shows that the decryption password can be transmitted toanother user under the same scheme after the expiration of the dateindicated in service information;

FIG. 12 shows a functional diagram for simultaneous exchange ofcopy-protected electronic documents:

FIG. 12, a) shows that, before exchange of copy-protected electronicdocuments, one of users inputs a command of simultaneous exchange ofelectronic documents, then transmission of electronic documents from oneICPC in another is made, wherein electronic documents are disabled inthe two ICPCs for a specified time period T1;

FIG. 12, b), shows the sending of an electronic-document-loadingacknowledgement password in response to the reception of the electronicdocument, wherein an electronic document disabling time in the two ICPCsis changed for T2, and besides, users are able to see the text of thedisabled electronic documents;

FIG. 12, c), shows that the user inputs anelectronic-document-transmission acknowledgement command whereupon anacknowledgement signal is sent to an ICPC of another user;

FIG. 12, d), shows that after the exchange of acknowledgement signals,the synchronization according to a last signal and the simultaneousexchange of electronic-document-transmission acknowledgement passwordsare carried out, wherein the disabled electronic document in a sender'sICPC of is deleted from a memory, and the electronic document in arecipient's ICPC is enabled;

FIG. 13 shows a functional diagram for protection of information againstlistening in open communication links:

FIG. 13, a), is a diagram for counteraction to passive listening:

To generate a single-use key of a communication session, a user A and anoutside user should make an exchange of random numbers Z and Z*. Aneavesdropping user cannot decrypt intercepted information since his orher cassette cannot generate the same single-use key of thecommunication session from intercepted numbers Z and Z* because for thatit is impossible to satisfy the following condition: one of numbers Z orZ* should be received by own random-number generator in the cassette ofthe user.

FIG. 13, b, is a diagram for counteraction to active listening:

To generate a single-use key of a communication session, a user A and anoutside user should exchange random numbers Z and Z*. In this diagramthat illustrates the information eavesdropping between users, aneavesdropping user uses two cassettes to establish an imaginarycommunication session using two single-use keys ZA and Z*B and toreceive decrypted information within a distance between the cassettes.There are two simple methods for detecting active listening tocounteract to the present eavesdropping:

1) After the exchange of random numbers in cassettes of users,protected-communication-session-establishment acknowledgement passwordsare generated, and these passwords may be expressed in the verbal formfor convenience. To be convinced of absence of active listening, usersshould inform each other about these passwords, and in case of theirfull coincidence, absence of the information listening on acommunication link is ensured.

2) An exchange of electronic visiting cards of users; the user A canreceive an electronic visiting card of the outside user and vice versa,respectively, only at absence of active listening.

FIG. 13, c), is a diagram for decryption of an electronic letter:

To generate a single-use key for encryption of the electronic letter,the user A uses an individual number of the outside user's cassette anda random number that he or she sends together with the encryptedelectronic letter. An eavesdropping user cannot decrypt information inthe encrypted electronic letter since his or her cassette can notdevelop the same single-use decryption key from intercepted numbers Zand I because for that it is impossible to satisfy the followingcondition: the number I should be an individual number of the user'scassette.

FIG. 14 is a functional diagram for transmission of an electronic letterat notice:

FIG. 14, a) shows generation, sending and reception of the electronicletter at notice in process of a cryptoprotective communication session;

FIG. 14, b), shows that a recipient of the electronic letter at noticegenerates the notice and sends an appropriate signal to a sender;

FIG. 14, c), shows that users simultaneously send the decryptionpassword to each other in response to the notice of reception of thepresent letter.

THE PREFERRED EMBODIMENT OF THE INVENTION

The personal cryptoprotective complex formed in accordance with theinvention operates as follows. A user connects a cassette 1 (FIG. 1) toa terminal 2 also activates it by supplying a work starting signal. Theactivated cassette outputs a user access right request to the user. By aterminal device 2, the user inputs his or her identification datacollated by the cassette with data earlier inputted by the user andstored in a PROM 13 (FIG. 2). In case of coincidence of the data, thecassette continues operation. To simplify and accelerate the useridentification procedure during the further work in execution ofcryptoprotective operations, the user would connect an identificationwristband 6 to fixation sensors by means of a lead 8, said wristbandbeing worn on a hand of the user be means of latches 7. After the firstsuccessful identification of the user, the cassette checks presence ofthe connected identification wristband, and at its detection, generatesseveral single-use random passwords while keeping them simultaneously inthe PROM 13 of the cassette and in a PROM of the identificationwristband 6. Before each operation that requires to check the useraccess right, the cassette requests the identification wristband for oneof single-use passwords, receives a password, collates it with passwordsstored in the PROM 13, and at the coincidence of the passwords considersthe check of access to be successful. At the same time, the usedsingle-use password is deleted from the memories of the cassette and theidentification wristband. At removal of the wristband from the userhand, the fixation sensors of the latches 7 supply a signal to amicroprocessor of the identification wristband, and then automaticdeletion of all unused passwords from the memory of the wristband ismade. In addition, for convenience of the user, the identificationwristband 6 and the terminal device 2 may be provided with a wirelessinterface for interfacing with a wireless data transmission channel. Ifthe identification wristband comprises an accumulator, its replacementmay take place during connection of the lead 8 to the terminal 2 bymeans of an automatic accumulator replacement device 9. The user canalso use the identification wristband for access to objects providedwith special electronic locks in which single-use access passwords arestored. At the same time, the single-use access passwords may bereceived by generators of pseudo-random numbers located in a personalcryptoprotective complex of a user and in an electronic lock of anobject to be accessed, said generators operating in accordance with asimilar program and developing identical single-use access passwords.

Since operations executed by the cassette require the strengthenedprotection, then, the cassette is provided with a microprocessor 16capable of suppressing and masking self-microradiations and creatingfalse microradiations. The microprocessor 16 comprises additionalparallel paths to supply signals compensating the microradiations of ownsignals of the microprocessor, and a generator for generating falsemicroradiations in a frequency band of self-microradiations of themicroprocessor. Besides, the cassette 1 is packed into a protectivesheath 10 that prevents withdrawal of information from a memory 14 ofthe cassette. Recorded into the CMOS-type memory 14 is a mother code 15being the basis to carry out encryption and decryption of allinformation. Damage of the protective sheath 10 results in destructionof the mother code 15. The present protection operates as follows. Anaccumulator battery 11 supplies power pulses 31 (FIG. 3) to alight-emitting diode 29, the dosage and periodicity of said pulses beingmonitored by a program of a protective sheath integrity monitor unit 23.The light-emitting diode 29 generates quanta of light power 32 which,being reflected from light-reflecting surfaces 26 and 27, aredistributed through a transparent layer 28 around of the cassette withinthe protective sheath. Photocells 30 located in various places on thelight-reflecting surface 27 absorb quanta of light power 32 and convertthem into power-information pulses that are metered and compared toreference values using the program of the protective sheath integritymonitor unit 23. If at least one of light-reflecting surfaces will bedamaged, values of the power-information pulses will vary considerably.Such a variation will be estimated by the program of the protectivesheath integrity monitor unit as destruction of the protective sheath,and the program will give a command to delete the mother code 15 fromthe memory 14. In doing so, other information will be stored in thememory of the cassette.

The basic operation executed by the cassette of the personalcryptoprotective complex is the operation of informationencryption/decryption. The present operation is executed according to analgorithm incorporated in an encryption/decryption program 21 recordedin a ROM 17. Keys being the basis to carry out the encryption/decryptionare a mother code 15 consisting of a set of random numbers (M1, M2, . .. , MN), and a temporary key consisting of at least one random number Zproduced by a built-in random-number generator 20. The encryption anddecryption with use of personal cryptoprotective complexes includes thefollowing steps to be realized in each of personal cryptoprotectivecomplexes:

1) connecting, by at least two users, their personal cryptoprotectivecomplexes 34 and 35 (FIG. 4) to a communication link and establishing,by said users, a number of cryptoprotective session participants;

2) producing a random number Z 36 in the personal cryptoprotectivecomplex 34 and a random number Z* 37 in the personal cryptoprotectivecomplex 35, and storing the present numbers in a random access memory18;

3) exchanging, through a communication link, data of the produced randomnumbers Z and Z* between said personal cryptoprotective complexes toestablish a time moment of starting the generation of a single-use keyof a communication session;

4) synchronous generating a single-use key X 38 of the communicationsession by reading the stored random number Z 36 out of the randomaccess memory, executing a predetermined arithmetic operation on therandom number Z 36 read out of the random access memory and the randomnumber Z* 37 received from another user cryptoprotective device, toderive a resulting number X, and storing the resulting number X in therandom access memories of the two devices;

5) synchronous generating a dynamically transformable daughter code inthe individual cyrptoprotective complexes on the basis of the mothercode and the single-use key of the communication session;

6) inputting and dividing initial transmitted information 40 intopackets of a determined size, and encrypting the packets with use of thedynamically transformable daughter code;

7) transmitting the encrypted packets of information 41 to at least oneother personal cryptoprotective complex;

8) receiving the encrypted packets of information 41 in said at leastone other personal cryptoprotective complex;

9) decrypting the received encrypted packets with use of the dynamicallytransformable daughter code;

10) combining the decrypted packets into the initial information, andoutputting information 42 to a user;

wherein steps (5)-(10) are repeated to transmit information in a reversedirection during the same communication session.

The time moment of starting the generation of the single-use key X 38 ofthe communication session is established according to the moment oftransmitting and receiving data corresponding to a last number from saidrandom numbers exchanged through the communication link at the step (3).

The transformation of the dynamic daughter code 39 is synchronizedaccording to the moment of transmitting and receiving each ofinformation packets.

Simultaneously with establishment of a daughter communication session, asingle-use password of protective-communication-session acknowledgementis generated in each of personal cryptoprotective complexes thatcoincides at the present participants of the communication session andis used to make sure of establishment of the protected communicationsession (FIG. 13, b). In realization of the duplex communication usingthe personal cryptoprotective complexes 34 and 35, two dynamicallytransformed daughter codes are synchronously generated in each of themon the basis of the mother code and the single-use key of thecommunication session. If the first dynamically transformable daughtercode for one of personal cryptoprotective complexes is used forencryption of information, then, said dynamically transformable daughtercode for another personal cryptoprotective complex is used fordecryption of information and it is accordingly considered to be asecond dynamically transformable daughter code. At the same time, thetransformation of the first dynamically transformable daughter code atthe steps (6) and (9) is synchronized according to the moment oftransmitting each of information packets, and the transformation at thesteps (6) and (9) for the second dynamically transformable daughter codeis synchronized according to the moment of receiving each of informationpackets, thus, the synchronization of each pair of dynamic transformabledaughter codes is carried out irrespective of other pair.

In a case when the encryption of information is carried out in anelectronic letter mode to send the encrypted information further to auser-addressee, a sender inputs an individual number 19 of personalcryptoprotective complex of the addressee (FIG. 5) to the cassette 1 bymeans of the terminal device 2, and also inputs a command to encrypt amessage 40. The encryption and decryption of the message includes thefollowing steps:

in the personal cryptoprotective complex 34 (FIG. 5) being a sender ofinformation 40, producing a random number Z 36 and storing said randomnumber in a random access memory 18, inputting an individual number I-19of the personal cryptoprotective complex 35 of an information recipient,generating a single-use encryption key by reading the stored randomnumber Z and the individual number I out of a random access memory,executing an arithmetic operation on the random number Z and theindividual number I to derive a resulting number X 38, and storing theresulting number X in the random access memory 18, generating adynamically transformable daughter code 39 on the basis of the mothercode 15 and the single-use encryption key 38, inputting and dividing thesent information 40 into packets of a determined size, encrypting thepackets with use of the dynamically transformable daughter code, andoutputting the encrypted packets of information 43 to record onto amedium together with the random number Z 36 to transmit it further tothe recipient, wherein the transformation of said dynamic daughter codeis made according to the moment of terminating the encryption of apredetermined amount of information bytes;

in the personal cryptoprotective complex 35 being the recipient ofinformation, reading an individual number I-19 of the personalcryptoprotective complex of the information addressee out of the ROM 17and storing said individual number in the random access memory 18,inputting the number Z 36 received from the information sender to therandom access memory, generating a single-use encryption key by readingthe stored random access number Z and the individual number I out of therandom access memory, executing an arithmetic operation on the randomnumber Z and the individual number I to derive the resulting randomnumber X 38, and storing the resulting random number X in the randomaccess memory, generating the dynamically transformable daughter code 39on the basis of the mother code 15 and the single-use encryption key 38,inputting the encrypted packets of information 43 from the medium, anddecrypting the packets by means of said dynamic daughter code 39,wherein the transformation of said dynamic daughter code is madeaccording to the moment of terminating the decryption of a predeterminedamount of information bytes, and combining the packets and outputtingthe decrypted information 44 to the information recipient.

Both methods of information encryption/decryption using the personalcryptoprotective complexes prevent decryption of the interceptedinformation by an eavesdropping user 81 (FIG. 13). The basic obstaclefor decrypting information by the user 81 who uses the devices similarto that of the users 34 and 35, is that the information processingprogram 22 recorded in the ROM 17 of each cassette monitors all commandsof a user, and when commands of the user are incorrect from theviewpoint of the program, such commands are ignored. Thus, the cassetteof the user 81 will be unable to generate a single-use key of thecommunication session 38 from the intercepted numbers 36, 37 in thediagram a) (FIG. 13) and 36, 19 in the diagram c) (FIG. 13) since thefollowing conditions are not met: in the diagram (a), one of the randomnumbers 36 or 37 should be necessarily derived by own random-numbergenerator, and in the diagram (c), the number 19 should be ownindividual number of the cassette. In a case with the variant (b) of thediagram (FIG. 13), a single-useprotected-communication-session-establishment-acknowledgement passwordis generated simultaneously with generation of a daughter key of thecommunication session in each of personal cryptoprotective complexes 34and 35, said password coinciding at the present participants of thecommunication session only at absence of active listening, and beingused to make sure of establishment of the protected communicationsession.

In encryption of electronic documents, the need is frequently generatedthat other users of personal cryptoprotective complexes mightfamiliarize in future with the text of an electronic document. For thispurpose there is an encryption mode with application of a decryptionpassword of a given electronic document 45 (FIG. 6). When this mode isswitched on by a user's command 46 to establish the password, a randomnumber Y 48 is generated in the cassette 1 prior to begin theencryption, said random number being further a decryption password ofthe electronic document. The information processing program inserts thenumber Y in the beginning of the electronic document to be encrypted,wherein the present number is marked with service symbols 47 at bothsides, said symbols together with the number Y 48 forming serviceinformation. The number Y is outputted to the user who transmits saidnumber to other users together with the encrypted electronic document.

The decryption of the electronic document is as follows. The user 35inputs a command 50 to decrypt the electronic document to the cassette,and inputs the decryption password—the number Y, then inputs an initialpart of the encrypted electronic document containing the encryptednumber Y. Inputted data is the basis to generate a single-use key X inthe cassette, used to generate a dynamically transformable daughter codeusing which a part of the electronic document that contains the number Yis decrypted. Then the comparison of the number Y inputted by the userand the decrypted number Y is made. If the numbers coincide, thecassette continues decryption of the electronic document and outputs thedecrypted text of the electronic document to the user. The comparison ofthe numbers Y may occur in another way as well, that is to say: theinputted number Y is encrypted, its cryptogram is collated with theencrypted number Y, and in case of coincidence, the cassette startsdecryption of the electronic document. For convenience of a user whoencrypts the electronic document with application of the decryptionpassword, the user can use as a password his or her own set of symbols Dinputted to the cassette together with a command to establish thedecryption password. Then, using the random-number generator in thecassette, the random number Y is produced and a determined reversiblearithmetic operation between said random number Y and the number D isexecuted, and the final result is a number F being outputted to the usertogether with the encrypted electronic document for transmission to thepersonal cryptoprotective complexes of other users or for record onmedia. At least in one anyone personal cryptoprotective complex, thenumber F is inputted, the decryption password D is inputted, thearithmetic operation is executed between said numbers, the obtainedresult Y is stored in the random access memory of the personalcryptoprotective complex and is used for decrypting the inputtedinformation. Besides, service information of the encrypted electronicdocument may contain the commands included by command of the user of thepersonal cryptoprotective complex 34, said commands being addressed topersonal cryptoprotective complexes and establishing the date and timeof decrypting the electronic document, so a personal cryptoprotectivecomplex of any user decrypting the electronic document will decrypt itonly after the expiration of said date and time, and predeterminedcommands permissive of making a certain modification in the contents ofthe electronic document may be included as well.

The encryption/decryption program should provide counteraction tocalculation of the mother code by comparison of an unlimited array ofinitial information and the same array of a cryptogram of giveninformation. For this purpose, the program includes operations havingirreversible character. The encryption and decryption proceeds asfollows:

1) reading the number X 38 out of the random access memory 18, reading afirst number M1 of the mother code 15 out of the memory 14, executing anarithmetic operation on the numbers X and M1 to derive a first resultingnumber of a determined digit capacity, said resulting number beingstored in the random access memory 18, wherein k low-order digits areseparated from said number, and a number corresponding to a determinednumber of the digit capacity k is assigned to the obtained number P1;

2) reading said first number P1 out of the random access memory 18,reading a second number M2 of the mother code 15 out of the memory,executing the arithmetic operation on the numbers P1 and M2 to derive asecond number P2, and storing said number P2 in the random access memory18;

3) repeating step (2) for numbers P(i−1) and Mi, where i=3, . . . , N,for derivation of a set of numbers P3, . . . , PN stored in the randomaccess memory 18;

4) forming two subsets of the set of numbers P1, . . . , PN, a first ofwhich consists of numbers corresponding to k low-order digits of numbersP1, . . . , PN, and a second set consists of the numbers correspondingto m high-order digits of numbers P1, . . . , PN, grouping the secondsubset of numbers into a table to addresses corresponding to numbers ofthe first subset, the quantity of said numbers being equal to a possiblequantity of numbers in the first subset;

5) selecting a column of the table with a maximum quantity of numbersfrom the second subset or all columns with an identical maximum quantityof numbers, and executing sequentially the arithmetic operation withconsecutive pairs of numbers of selected columns, as a result of whichan intermediate number K is obtained;

6) repeating the processing steps (1)-(4) for the number K and the setof numbers P1, . . . , PN, wherein step (4) includes selecting k=8 bitsand distributing the obtained numbers of the second subset into thetable with 256 columns numbered by one of 256 bytes, wherein columnswith the quantity of numbers less than two are added by numbers fromcolumns with the maximum quantity of numbers;

7) sequentially executing the arithmetic operation with consecutivepairs of numbers from columns to obtain a number Q1, . . . , Q256 of adetermined digit capacity for each column,

8) forming two subsets of the set of numbers Q1, . . . , Q256, a firstof which consists of numbers corresponding to 4 low-order digits ofnumbers Q1, . . . , Q256, and a second set consists of the numberscorresponding to remaining high-order digits of numbers Q1, . . . ,Q256, grouping the second subset of numbers into a 100×100 table toaddresses corresponding to numbers of the first subset;

9) forming a 16×16 table of bytes corresponding to the second subset ofnumbers from step (8) by consecutive row-wise passing through the100×100 table, finding cells therein with numbers of said second subset,and recording bytes corresponding to the found numbers into the 16×16table in the same sequence;

10) executing arithmetic operations on numbers of the second subset fromthe step (8) corresponding to at least two next bytes for every byte ofthe 16×16 table to obtain two new subsets and a second 16×16 table, byrepeating steps (8)-(9);

wherein steps (1)-(10) are carried out identically in both encryptionand decryption, further encryption of information is carried out byrepresenting information in 8-bit bytes, substituting them into thefirst table, comparing coordinate bytes of initial information in thefirst table with similar coordinate bytes in the second table, replacingthe bytes of initial information by bytes from the second table withsaid coordinates, and outputting cryptogram bytes obtained as a resultof replacement for the subsequent transmission, and decryptinginformation by replacing the obtained cryptogram bytes by theirsubstitution into the second table, comparing coordinates of thecryptogram bytes in the second table with similar coordinates of bytesin the first table, and replacing cryptogram bytes by bytes from thefirst table with said coordinates, and outputting bytes obtained as aresult of replacement to the user;

11) after the encryption and decryption of a determined amount ofinformation by means of the generated daughter code, updating the firstand second 16×16 tables by removal of the first table, its replacementby the second table, and generation of the new second table according tostep (10).

Arithmetic operations on numbers should be executed by dividing onenumber by another one and storing of the obtained result in the randomaccess memory 18, followed by selecting n meaning figures in theobtained number which are represented as a natural integer of a digitcapacity n, and storing this number instead of a result of division inthe memory for further use.

To accelerate the encryption and decryption processes, the following wayis used in each personal cryptoprotective complex: prior to begin theencryption and decryption of information, creating several 16×16 tablesin the total amount R by repeating steps (8)-(9), said amount beingpredetermined and more than two, and storing said tables in the randomaccess memory 18, wherein an information packet consists of a determinedamount of bytes and is encrypted and decrypted using two 16×16 tables,starting with the first and second tables, then encrypting anddecrypting a next information packet using the first and third tablesand so on up to the last 16×16 table that is also used in a pair withthe first table, then deleting the first table, replacing it with thesecond table, replacing the second table with the third table and so onup to the last table put on a place of the penultimate table, andputting a new 1 6×16 table on a place of the last table, said new tablebeing formed according to the step (10), and continuing the encryptionand decryption of information packets, starting with the first andsecond tables.

To enhance the cryptoresistance, it is possible to replace the 8-bitrepresentation of information by the 9-bit representation. In this case,the processing steps (1)-(4) are repeated, wherein step (4) comprisesselecting k=9 bits, and the obtained numbers of the second subset aredistributed into a table with 512 columns numbered by one of 512 bytes,while the columns with a quantity of numbers less than two are added bynumbers from columns with a maximum quantity of numbers, the 16×16 tableis replaced by a 8×8×8 table, and the 100×100 table is replaced by a100×100×100 table.

When encrypting and decrypting the electronic documents, atable-transformation relationship of the encrypted/decrypted informationis introduced at the step (11), which gives protection againstmodification in the encrypted text of the electronic document, becauseone modified symbol of the cryptogram will result in propagation ofmodification over all subsequent text in decryption of the electronicdocument.

To provide additional protection against modification in the encryptedinformation, the hashing of each packet of initial information isapplied wherein a hashing result is added to the packet, the obtainedpacket is encrypted by a second hash-function with addition of a secondhashing result. The authenticity of the encrypted information isestablished by the following steps: receiving the transmitted encryptedpackets and the second hashing result added to each packet, restoringdata partially lost or deformed in data transmission with use of thesecond hashing result by inverse hashing to obtain at least one variantof the encrypted information packet, decrypting at least one variant ofthe encrypted information packet, and recording at least one variant ofa decrypted packet in the random access memory. The reverse hashing ofdecrypted information packets takes place using the first hashingresult, and the search for an authentic variant of an initialinformation packet is carried out, wherein said authentic variant isoutputted to the user only upon its detection, and all other falsevariants of a decrypted packet are deleted from the random accessmemory.

The problem of authenticating electronic documents 45 (FIG. 8) is solvedas follows:

A command 57 to sign an electronic document 45 is inputted to thecassette 1 of the personal cryptoprotective complex by means of theterminal device 2. The cassette outputs a user identification request 58to a user, and the user inputs his or her identification data 59. At thecoincidence of the inputted identification data with the stored data,the cassette starts the encryption of the electronic document 45 in aprotection-against-modification mode. The text of the electronicdocument is inputted through the terminal device 2 from an input deviceor a medium. After termination of the text encryption, a first servicesymbol 47, service information 54, and a second service symbol 47closing the service information are added under control of theinformation-processing program to the text of the electronic document.At the same time, the encryption of the text of the electronic document,service information and service symbols is made as an encryption of theunified document by one single-use key X 38. Service information 54 inthis case consists of user's data 24 representing an electronic digitalsignature, an individual number 19 of the personal cryptoprotectivecomplex, signing date and time taken from the built-in clock 12. Whenoutside users 35 decrypt the electronic document, firstly, the text ofthe electronic document is decrypted and outputted to the user throughthe terminal device 2, and then the service information 54 determined bythe information processing program 22 using the service symbols 47 isdecrypted and outputted for the user onto a display with indication thatthe present information really is an electronic digital signatureexactly of the present electronic document. The electronic digitalsignature is used to establish the signing date and time and the personwho has signed the electronic document, because a registering clerkpreliminary puts the user's data present in the electronic digitalsignature to the ROM 17 of the personal cryptoprotective complexsimultaneously with its recording in a public database 85 (FIG. 13).Besides, the electronic digital signature includes an electronic photoof the user that allows identification of the electronic digitalsignature without reference to the database.

The electronic digital signature of a user of a personalcryptoprotective complex is registered by following steps:

taking user's data 24, an individual number 19 of a cassette 1 of his orher personal cryptoprotective complex 34, a user statement recorded by adigital video camera and containing information that allows to identifythe user;

inputting information to a personal cryptoprotective complex of aregistering clerk, signing the received information with an electronicdigital signature of the registering clerk, encrypting said informationand sending it to a central server;

inputting information to a central cryptoprotective complex, decryptingthe received information, putting the decrypted information into thedatabase 85 of electronic digital signatures, generating the electronicdigital signature of the user from the received information, certifyingsaid signature by an electronic digital signature of the centralcryptoprotective complex containing a predetermined information,encrypting and sending said information to the personal cryptoprotectivecomplex 34 of the user;

receiving and decrypting information in accordance with an incorporatedprogram, checking the electronic digital signature of the user forconformity with a typical template, checking presence of the electronicdigital signature of the central cryptoprotective complex, collating anindividual number contained in the received electronic digital signatureof the user with the individual number of the personal cryptoprotectivecomplex of the user, and in case of positive results, recording theelectronic digital signature of the user to the ROM 17 of the cassetteof his or her personal cryptoprotective complex.

In contrast to the electronic digital signature stored in the ROM 17 ofthe cassette 1 of the user, an electronic seal contains data of adetermined legal person and is stored in the PROM 13 of the cassette 1.In contrast to the electronic digital signature, the electronic seal canbe transmitted from one cassette to another with simultaneous removalfrom the PROM 13 of the cassette from which the transmission is made.The electronic seal is registered similarly to registration of theelectronic signature.

The personal cryptoprotective complex makes any electronic documentcertifiable using the right of ownership by any user being in possessionof the present electronic document, said certification being withoutmodification in the contents of the electronic document. An embodimentof such electronic document is an electronic bearer bill. The presentelectronic document has a property of protection against copying byanalogy to documents on the paper medium that are protected againstcopying in various ways (holographic marks and watermarks, a backgroundpattern, and sewn-in threads). Specificity of protection of theelectronic document against copying is that not a plaintext of theelectronic document but its cryptogram or a decryption password of theelectronic document cryptogram is protected against copying.Accordingly, the proof of being in possession of a copy-protectedelectronic document is the ability of the user of personalcryptoprotective complex to receive the decrypted text of the presentelectronic document using the cassette in which the cryptogram or thedecryption password of the electronic document cryptogram is stored. Theplaintext of the copy-protected electronic document is considered to bea copy of said document. The personal cryptoprotective complex allowsprovision of any electronic document with the property of protectionagainst copying. For this purpose, the input of user's information tothe personal cryptoprotective complex 34 (FIG. 9) includes the input ofuser's commands to set a user's information-processing mode and togenerate a non-copied electronic document, and the processing of theinputted user's information.

Then, in accordance with the established mode of processing the user'sinformation and the earlier received information, service information 54is generated by means of the information processing program 22 and iscombined with the processed user's information to obtain an electronicdocument 60, attributes of the electronic document in the form ofservice information 54 are separated from the processed user'sinformation with the predetermined service symbols 47, and in accordancewith the user's command to generate the non-copied electronic document,a certain command in the form of a typical set of symbols earlierinputted to the ROM 17 is included in the service information as a partof the information processing program 22 for the personalcryptoprotective complexes, and the obtained electronic document 60 isstored in a section of the PROM 13 provided in the personalcryptoprotective complex and intended for non-copied electronicdocuments.

The transmission of the electronic document with protection againstcopying by protection of the electronic document cryptogram againstcopying is carried out by the following method that comprises:

establishing a protected communication session with application ofpersonal cryptoprotective complexes 34 and 35 on the basis of asingle-use key 38 of the communication session generated using randomnumbers, and inputting a user's command to transmit a non-copiedelectronic document 60 recorded in a PROM 13 to other subscriber of theestablished communication session;

encrypting the electronic document by a dynamically transformabledaughter code 39 while reading an electronic documentinability-for-copying command out of service information 54,establishing the protection against modification to the encryptedinformation, and transmitting the encrypted information to anotherpersonal cryptoprotective complex 35;

upon termination of transmission of the non-copied electronic document61, disabling it for a predetermined time period T1 in the PROM 13according to said inability-for-copying command;

receiving the electronic document and decrypting the electronicdocument, establishing the reliability of information by check forabsence of distortions in said information,

searching for and selecting service information from decryptedinformation by means of service symbols 47, using the service symbols tofind the service information 54 containing the electronic documentinability-for-copying command, recording the electronic document to thesection of the PROM 13 intended for non-copied electronic documents, anddisabling said document 61 for the predetermined time period T1;

generating an electronic-document-loading-acknowledgement password 62 inthe personal cryptoprotective complex 35 of a receiving party andtransmitting the electronic-document-loading-acknowledgement password inthe encrypted form to the personal cryptoprotective complex 34 of asending party;

in case if the sender does not receive theelectronic-document-loading-acknowledgement password 62 from therecipient during the time period T1, enabling the electronic document inthe PROM of the personal cryptoprotective complex 34 of the sender,while ignoring the subsequent reception of said password;

in case if the recipient does not send theelectronic-document-loading-acknowledgement password 62 to the senderduring the time period T1, deleting the electronic document from thePROM 13 of the personal cryptoprotective complex 35;

receiving the electronic-document-loading-acknowledgement password 62 inthe personal cryptoprotective complex 34 of the sending party,generating an electronic-document-transmission-acknowledgement password63, and requesting a user acknowledgement in response to the sending ofthe present password to the personal cryptoprotective complex 35 of thereceiving party;

in case if the user gives no acknowledge in response to the sending ofthe password 63 during a predetermined time period T2, then, on theexpiration of said time period, automatically enabling said electronicdocument in the PROM 13 of the personal cryptoprotective complex 34 ofthe sender, and automatically deleting said electronic document in thePROM 13 of the personal cryptoprotective complex 35 of the recipient;

in case if the user acknowledges the sending of the password 63 duringthe time period T2, sending the present password in the encrypted formto the personal cryptoprotective complex 35 of the recipient, whereinsaid electronic document 61 is automatically deleted from the PROM 13 ofthe personal cryptoprotective complex 34 of the sender, and saidelectronic document is automatically enabled in the PROM 13 of thepersonal cryptoprotective complex 35 of the recipient when he or she hasreceived said acknowledgement password 63 for transmission of theelectronic document 60, followed by inputting user's commands,establishing a mode of processing the decrypted information according tothe user's commands received from the service information and accordingto the earlier inputted information and the information processingprogram 22, and outputting the processed information 60 to the usertogether with service symbols 47 that authenticate attributes of thereceived electronic document.

In a case if a copy-protected electronic document 60, in particular anelectronic bill, contains a variable face value denoted in apredetermined way by means of service symbols 47, then, after thedecryption of the present electronic document there are the steps of:determining a variable face value information of the electronic documentin the service information 54, and outputting said variable face valueinformation to the user; subdividing the electronic document 60 intoarbitrary parts by changing face values of parts using the informationprocessing program 22 in such a manner that their total sum remainsinvariable, wherein other characteristics and attributes of parts of theelectronic document also remain unchangeable; sending parts of theelectronic document to other personal cryptoprotective complexes;receiving several identical electronic documents 60 with variable facevalues to the personal cryptoprotective complex and automaticallycollecting said documents using the information processing program 22into a unified electronic document by summing their face values.

If the electronic document 60 with a variable face value is anelectronic bank bill of exchange with a predetermined time forrepayment, and the service information 54 of said bill contains data ofa bank drawn the bill, including electronic digital signatures of thebank generated using a personal cryptoprotective complex, data of a userwho has received the bill, currency and a face value of the bill as wellas a bill repayment date, then, after said date the bank will enable(defreeze) a mortgage amount of money left at a user's account that willbe transferred ahead of time to any holder of the present electronicbill or its part after reception of the electronic bill to the personalcryptoprotective complex of the bank, identify data of the electronicbill and determine its face value, and if the date of repaymentindicated in the bill is not later than a current date, the holder willobtain the sum corresponding to the face value of the presentedelectronic bill.

If an electronic document 60 with a variable face value is electroniccash, settlements in electronic cash are made as follows: connectingpersonal cryptoprotective complexes 34 and 35 to each other directly orwith use of a communication channel; establishing a protectedcommunication session with application of the personal cryptoprotectivecomplexes on the basis of a dynamically transformable daughter code 39generated using single-use keys 38 obtained with use of random numbers36 and 37, and inputting a user's command to transfer electronic cash ofa certain currency and sum recorded in a PROM 13 to other subscriber ofthe established communication session; checking presence of a record inthe PROM 13 of the personal cryptoprotective complex 34, said recordcorresponding in the form and contents to electronic cash of requiredcurrency; if said record present in the PROM 13, reading out the sumcorresponding to electronic cash and collating it with a requested sum;in case if the requested sum does not exceed the read out sum,outputting a user identification request to the user; inputtinginformation to the personal cryptoprotective complex and collating itwith data 24 stored in the personal cryptoprotective complex andappropriately identifying the user; in case of coincidence, generating atypical electronic document by means of the information processingprogram 22 inputted earlier, said typical electronic document containinga record of electronic cash in the currency and amount requested by theuser; simultaneously modifying the record of the electronic cash storedin the PROM 13 while reducing its cost by the transferable sum; andencrypting said electronic document by the dynamically transferabledaughter code 39, establishing protection against modification in theencrypted information and transmitting the encrypted information to thepersonal cryptoprotective complex of the user with which the protectedcommunication session is established; on the termination of successfultransmission of the electronic document, deleting it from the PROM 13;receiving the electronic document, decrypting the electronic document,establishing the reliability of information by check for absence ofdistortions in information, and making a record in the PROM 13, saidrecord corresponding in the form and contents to the received electroniccash.

In case if a cryptogram decryption password 64 (FIG. 10) is used forprotection against copying, there are the steps of: generating adecryption password on the basis of a random number and recording it toa section of a PROM 13 intended for non-copied decryption passwords andclosed for users, generating a dynamically transformable daughter code39 on the basis of the mother code 15 and the decryption password 64;inputting information, including a computer program, to the personalcryptoprotective complex, and making its encryption using saiddecryption password, outputting the encrypted information 66 to a userfor record to a medium or for transmission to other user, inputting acommand to transmit the decryption password 64 to other user in processof the protected communication session, encrypting the decryptionpassword on the basis of a single-use key 38 generated using at leastone random number, and outputting said password for transmission. Thetransmission of the decryption password 64 is carried out similarly totransmission of copy-protected electronic documents.

In this case, it is possible to protect against copying not onlyelectronic documents, but also computer programs and databases. If thatis the case, a decrypted fragment 67 of the computer program 66 isrecorded to the RAM 18 of the cassette. The processing of decryptedfragments of the program takes place in parallel in two processors: themicroprocessor 16 of the cassette and a microprocessor 68 of a computer;the processing involves a partial use of a RAM 69 of the computer. Sincethe part of operations of processed fragments 70 is made within thecassette 1, it is practically impossible to restore decrypted fragmentsof the encrypted program 66 completely.

If it is necessary to limit a validity period of the decryption passwordin time or quantity of events of use, the following steps are carriedout: including appropriate service commands in the decryption passwordand selecting them by means of service symbols 47; encrypting thereceived service commands in structure of the decryption password 64,and outputting them for the further record to a medium or transmissionto other user while storing the decryption password in the PROM 13,simultaneously disabling the access to the decryption password 64residuary in the PROM 13 of the personal cryptoprotective complex of theuser for a predetermined time interval; inputting or accordinglyreceiving the encrypted decryption password 64 with service commandsincluded therein; selecting service commands by means of service symbols47, and executing operations with the present decryption password 64according to the received commands from the service information 54,exactly: deleting the decryption password 64 from the memory of thepersonal cryptoprotective complex after the expiration of time pointedin the service information or after use of the decryption password asmuch times as indicated in the service information.

To transmit the decryption password 64 from one personalcryptoprotective complex to another, it is possible to use anindependent medium 73 (FIG. 11). In this case, there are the steps of:adding service information 54 selected by means of service symbols 47 tothe decryption password 64, with the indication of the individual number19 of the personal cryptoprotective complex of the recipient, and alsoof date and time after which expiration the recipient of the presentdecryption password can transmit said password to other users ofpersonal cryptoprotective complexes. Simultaneously, an electronicletter is generated in the personal cryptoprotective complex 34 of thesender of the decryption password, said letter including the decryptionpassword 64 with the service information 54 added thereto, and the dateand time in the form of service information are additionally indicatedas well, and the personal cryptoprotective complex of the electronicletter recipient will be able to decrypt said message only before theexpiration of said date and time, wherein the date and time ofdecrypting the electronic letter should be indicated earlier than oridentical to the date and time indicated in the service information ofthe decryption password. The generated electronic letter is encryptedwith the dynamically transferable code based on the single-use keygenerated from a random number and an individual number of the personalcryptoprotective complex of the recipient of the present electronicletter, and said random number is added to the encrypted electronicletter. The encrypted electronic letter 72 and the random number areoutputted for transmission to the addressee together with informationencrypted by means of the decryption; the encrypted electronic letter 72containing the decryption password 64 is recorded together with therandom number to the medium 73 or is transmitted through a communicationlink, and after termination of transmission, the decryption password isdeleted from the PROM 13 of the personal cryptoprotective complex 34 ofthe sender. Then, there are the steps of: receiving the encryptedelectronic letter 72, the random number and the encrypted information66; inputting the random number to the RAM 18 of the personalcryptoprotective complex 35, and reading the individual number 19 of thepersonal cryptoprotective complex out of the ROM 17 and recording it tothe RAM 18 as well; generating a single-use key on the basis of theinputted random number and the read-out individual number, generatingthe dynamically transformable code on the basis of the single-use keyand inputting the encrypted electronic letter 72 to the personalcryptoprotective complex 35, decrypting the electronic letter using thedynamically transformable code and recording the decrypted text of theelectronic letter 72 to the RAM 18, defining service information 54using service symbols 47, finding the service information withindication of the final date and time of decrypting the electronicletter and collating them with the date and time in the built-in clock12, and in case if the final date and time are later than the currentdate and time, deleting the present electronic letter from the RAM 18,finding the decryption password 64 which includes the date and timeafter which expiration the decryption password may be transmitted toother users, and recording said decryption password to the section ofthe PROM 13 of the personal cryptoprotective complex 35, intended fornon-copied decryption passwords and closed for users of the PROM.Information, including a computer program, is inputted to the personalcryptoprotective complex and is decrypted on the basis of thedynamically transformable code generated using the decryption passwordread out of the PROM; after the expiration of date and time pointed inthe service information included in the decryption password, the presentservice information is deleted from the PROM 13, with simultaneousremoval of the restriction on the further transmission of the decryptionpassword 64 to other users.

Electronic documents with protection against copying (includingdecryption passwords 64) may be transmitted by other methods developedby varying the time period T1 and T2 and by adding the additional datain the form of numbers N1 and N2.

Thus, a temporary individual number N2 generated by the random-numbergenerator 20 is added to the electronic document into the serviceinformation, and an arbitrary time value T2 is inputted as well, saidnumber and value being encrypted together with the electronic document.

A command is inputted to transmit the electronic document to other userduring the protected communication session or in the encryptedelectronic letter; when the transmission of the present electronicdocument terminates, said document is disabled for a predetermined timeperiod T1 in the PROM 13 of the sender and is marked with an assignedtemporary individual number; in case of failures in transmission of theelectronic document, the sender repeatedly sends the present electronicdocument with the same accompanying data; the electronic document isreceived, and there are the steps of decrypting the electronic document,establishing the reliability of information by check for absence ofdistortions in the information; searching for and selecting serviceinformation 54 from the decrypted information by means of servicesymbols 47, using service symbols to find service information containingan electronic document inability-for-copying command and the temporaryindividual number of the present document; collating said number forpresence of a disabled electronic document having the same number in thePROM, and in case if coincidence is absent, recording the electronicdocument to the section of the PROM 13 intended for non-copiedelectronic documents, marking it with the assigned temporary individualnumber and disabling the electronic document for the predetermined timeperiod T1. An electronic-document-loading-acknowledgement password 62 isgenerated on the basis of a random number in the personalcryptoprotective complex 35 of the receiving party, said temporaryindividual number N2 of the present electronic document is automaticallyadded to said password, a password copy is recorded to the PROM 13, andthe electronic-document-loading-acknowledgement password 62 istransmitted in the encrypted form to the personal cryptoprotectivecomplex 34 of the sending party during the protected communicationsession or in the encrypted electronic letter; theelectronic-document-loading-acknowledgement password 62 is received inthe personal cryptoprotective complex 34 of the sending party, findingthe disabled electronic document in the PROM 13, said document beingmarked by number corresponding to a number received with the password,and in case of presence of the disabled electronic document andcoincidence of numbers there is the step of generating anelectronic-document-transmission-acknowledgement password 63 with use ofelectronic-document-loading-acknowledgement password, said temporaryindividual number N2 of the electronic document being automaticallyincluded therein; requesting a user acknowledgement for sending saidpassword to the personal cryptoprotective complex of the receivingparty. In case if the user does not give acknowledgement for sending thepassword 63 during an arbitrary time period T2 which value was inputtedbeforehand by the sender in establishment of an electronic documentsending mode, then after the expiration of a predetermined period oftime there are the steps of: automatically enabling said electronicdocument in the PROM 13 of the personal cryptoprotective complex 34 ofthe sender; and automatically deleting said electronic document in thePROM 13 of the personal cryptoprotective complex 35 of the recipient. Incase if the user gives acknowledgement for sending the password 63during the time period T2, then said password in the encrypted form issent to the personal cryptoprotective complex 35 of the recipient,wherein said electronic document is automatically deleted from the PROM13 of the personal cryptoprotective complex 34 of the sender, and whenthe recipient has received theelectronic-document-transmission-acknowledgement password, there is thestep of finding the disabled electronic document and the recorded copyof the electronic-document-loading-acknowledgement password 62 in thePROM 13 of the personal cryptoprotective complex 35 of the recipient,said document and said copy being denoted by number N2 corresponding thenumber received with the password, and only in case of presence of thedisabled electronic document, coincidence of numbers and presence of adirect association between passwords, said electronic document isautomatically enabled; then the electronic document is recorded to thesection of the PROM 13 of the personal cryptoprotective complex 35,intended for non-copied electronic documents and closed for users of thePROM, and said temporary individual number N2 is deleted. In case offailures in transmission of the electronic document or acknowledgementpasswords, users carry out the backup of transmission.

A number N1 corresponding to an individual number 19 of the personalcryptoprotective complexes of the third party is used in a case when theelectronic-document-transmission-acknowledgement password is assumed tobe sent from another personal cryptoprotective complex. In this case, anindividual number N1-19 of the personal cryptoprotective complex wherefrom the electronic-document-transmission-acknowledgement password willbe sent, a temporary individual number N2 generated by the random-numbergenerator 20, and an infinite value T2 of the time period to be inputtedby the user, said number and value being encrypted together with theelectronic document, are added to the transmittable electronic document;a command is inputted to transmit the electronic document to other userin process of the protected communication session; when the transmissionof the present electronic document terminates, said document is enabledfor a predetermined time period T1 in the PROM 13 of the sender and ismarked with said assigned number N2. There are the steps of: receivingthe electronic document and decrypting the electronic document,establishing the reliability of information by check for absence ofdistortion in information; searching for and selecting serviceinformation 54 from the decrypted information by means of servicesymbols 47, using said service symbols to find service informationcontaining an electronic document inability-for-copying command andnumbers of said document, recording the electronic document to thesection of the PROM 13 intended for non-copied electronic documents,marking said document with its assigned number N2 and disabling theelectronic document for the predetermined time period T1, generating theelectronic-document-loading-acknowledgement 62 in the personalcryptoprotective complex 35 of the receiving party, automatically addingsaid number N2 of the present electronic document to said password andtransmitting the result in the encrypted form to the personalcryptoprotective complex 34 of the sending party during the same orother protected communication session; receiving theelectronic-document-loading-acknowledgement 62 of the electronicdocument in the personal cryptoprotective complex 34 of the sendingparty, finding the disabled electronic document in the PROM 13, saiddocument being marked by number N2 corresponding to the number receivedwith the password, and in case of presence of the disabled electronicdocument and coincidence of numbers, deleting the present electronicdocument from the PROM 13, because the time period T2 is equal to aninfinite value; in the personal cryptoprotective complex whoseindividual number 19 corresponds to the number N1 assigned to theelectronic document, inputting a numerical value corresponding to thenumber N2 of the electronic document, generating theelectronic-document-transmission-acknowledgement password 63 whileautomatically including therein own individual number 19 correspondingto N1 and the inputted number N2. The present password 63 in theencrypted form is sent to the personal cryptoprotective complex 35 ofthe recipient of the electronic document; when the personalcryptoprotective complex 35 of the recipient has received theelectronic-document-transmission-acknowledgement password in its PROM13, there are the steps of: finding the disabled electronic documentmarked by the number N2 corresponding to the number received with thepassword, collating the numbers N1 in the electronic document and in thepassword, and only if coincidence of numbers takes place, automaticallyenabling said electronic document, and then recording the electronicdocument to the section of the PROM 13 of the personal cryptoprotectivecomplex 35, intended for non-copied electronic documents, and deletingthe added numbers N1 and N2.

The following method for transmitting copy-protected electronicdocuments is characterized in that the user inputs an arbitrary time T1,an infinite value of the time period T2, and adds the temporaryindividual number N2 generated by the random-number generator 20. Anelectronic-document-loading-acknowledgement password 62 is absent in thepresent method. And the electronic-document-transmission-acknowledgementpassword 63 works as an independent electronic document which can befreely transmitted from one user to another in aprotection-against-copying mode with obligatory automatic removal fromthe cassette of the personal cryptoprotective complex said password istransmitted from.

To generate the electronic-document-transmission-acknowledgementpassword 63, the following steps are carried out: inputting a command togenerate an electronic-document-acknowledgement password; generating theelectronic-document-acknowledgement password; assigning a number and avariable face value, if any, thereto, said number and variable facevalue corresponding to the temporary number and temporary face value ofthe electronic document; transmitting theelectronic-document-transmission-acknowledgement password in theencrypted form during a cryptoprotective communication session to acertain user or keeping said password in own personal cryptoprotectivecomplex 34.

In the present method, the electronic document is disabled during thetime period T1 in the PROM 13 of the personal cryptoprotective complexof the sender, but thus the electronic document may be unlimitedlycopied and distributed to other users in process of cryptoprotectivecommunication sessions or in electronic letters with the appropriatemark that the electronic document received by others users is a copy.After the expiration of the time period T1, there are the steps of:deleting the electronic document from the PROM 13 of the sender 34;receiving copies of the electronic document, decrypting the electronicdocument, searching for and selecting service information 54 from thedecrypted information by means of service symbols 47; finding a markthat there is a copy of the electronic document, and a temporaryindividual number N2 of the present document; recording the electronicdocument to the section of the PROM 13 and marking it with the assignedtemporary individual number N2. Theelectronic-document-transmission-acknowledgement password is received ina personal cryptoprotective complex of a user who has received theelectronic document copy, said electronic document copy marked with thenumber N2 corresponding to the number N2 received with the password 63is found in the PROM 13; and if the numbers coincide, the mark thatthere is a copy is removed from the electronic document copy, and thenthe electronic document is recorded to the section of the PROM 13 of thepersonal cryptoprotective complex, intended for non-copied electronicdocuments and closed for users of the PROM, and said temporaryindividual number N2 is deleted. After the transmission of saidpassword, it is deleted from the PROM 13 in the personalcryptoprotective complex of the sender of theelectronic-document-transmission-acknowledgement password, and if a partof the password is transmitted with a variable face value, a face valueof a part of said password residuary in the PROM 13 is decreased by thesum equal to the transmitted part.

The personal cryptoprotective complex allows a procedure of asimultaneous exchange of the copy-protected electronic documents througha communication link with preview of electronic documents. There are thefollowing steps for this purpose: synchronously generating a single-useencryption key 38 (FIG. 12) on the basis of random numbers 36 and 37produced in the personal cryptoprotective complexes 34 and 35 of users;synchronously generating the dynamically transformable daughter codes 39on the basis of a mother code 15 and the single-use encryption key 38 inthe personal cryptoprotective complexes of users; inputting initialinformation to each of the personal cryptoprotective complexes of users;in accordance with the established mode of processing the user'sinformation and the earlier received information, generating serviceinformation 54 by means of the information processing program andcombining the service information with the processed user's informationto obtain an electronic document 60, wherein attributes of theelectronic document in the form of service information 54 are separatedfrom the processed user's information by means of predetermined servicesymbols 47; and in accordance with a user's command to generate thecopy-protected electronic document, including a certain command in theservice information as a part of the information processing program forthe personal cryptoprotective complexes, wherein said command is in theform of a typical set of symbols earlier inputted to the ROM, andstoring the obtained electronic document in a section of the PROMprovided in the personal cryptoprotective complex and intended fornon-copied electronic documents. There are the steps of; in at least oneof the personal cryptoprotective complexes: inputting a command 76 forsimultaneous exchanging the electronic documents, and sending saidcommand in the form of a signal 77 encrypted by means of the producedsingle-use encryption key to other personal cryptoprotective complex 35;in each of the personal cryptoprotective complexes, inputting a commandto start transmission of the non-copied electronic document 60 and 75recorded in the PROMs 13 to other subscriber of the establishedcommunication session; encrypting the electronic document with adynamically transformable daughter code while reading an electronicdocument inability-for-copying command out of the service information;establishing protection against modification in the decryptedinformation and transmitting the encrypted information to other personalcryptoprotective complex; in accordance with the command 76 forsimultaneous exchanging the electronic documents, and upon terminationof transmission of the non-copied electronic document, disabling it informs 61 and 78 for a predetermined time period T1 in the PROM 13 of thesender, receiving the electronic document and decrypting the electronicdocument; establishing the reliability of information by check forabsence of distortions in information; searching for and selectingservice information from the decrypted information by means of servicesymbols; using the service symbols to find service informationcontaining the electronic document inability-for-copying command;recording the electronic document to the section of the PROM intendedfor non-copied electronic documents, disabling said electronic documentfor a predetermined time period T1 and outputting the obtainedelectronic document to the user for acquaintance. In the personalcryptoprotective complex of the receiving party, anelectronic-document-loading-acknowledgement password 62 is generated andsaid electronic-document-loading-acknowledgement password is transmittedin the encrypted form to the personal cryptoprotective complex of thesending party. If the sender does not receive theelectronic-document-loading-acknowledgement password from the recipientduring the time period T1, the electronic document is enabled in thePROM of the personal cryptoprotective complex of the sender. If therecipient does not send the electronic-document-loading-acknowledgementpassword to the sender during the time period T1, there are the steps ofdeleting the electronic document from the PROM 13 of the personalcryptoprotective complex of the recipient; receiving theelectronic-document-loading-acknowledgement 62 in the personalcryptoprotective complex of sending party, generating anelectronic-document-transmission-acknowledgement password 63 andrequesting a user acknowledgement 79 to send the present password to thepersonal cryptoprotective complex of the receiving party. In case if theuser does not acknowledge the sending of the password during apredetermined time period T2, then, after the expiration of said timeperiod, automatically enabling said electronic document in the PROM ofthe personal cryptoprotective complex of the sender, and automaticallydeleting said electronic document in the PROM of the personalcryptoprotective complex of the recipient. In case if the user gives theacknowledgement 79 for sending the password during the time period T2,then, sending a predetermined signal 80 in the encrypted form containinginformation of said acknowledgement to other user, and receiving thesimilar signal from said user. After the exchange of acknowledgementsignals 80, there is synchronization according the last signal, and fromthe moment of sending a last bit of said signal from one of personalcryptoprotective complexes and to the moment of according receptionthereof in other personal cryptoprotective complex a procedure of asimultaneous exchange of theelectronic-document-transmission-acknowledgement passwords 63 in theencrypted form starts, wherein the reception of a password-containingsignal from the opposite party is monitored in each of the personalcryptoprotective complexes, and in case of absence or interruption ofsaid signal, the transmission of own password is stopped. After thesending of the transmission-acknowledgement password 63, said electronicdocument is automatically deleted from the PROM of the personalcryptoprotective complex of the sender, and when the recipient hasreceived the electronic-document-transmission-acknowledgement password,said electronic document is automatically enabled in the PROM of thepersonal cryptoprotective complex of the recipient.

There are the following steps to improve safety in exchange of thecopy-protected electronic documents 60 and 75: automatically introducinga time value T to the last acknowledgement signal 80, said value beingdifferent from a current time-reading by a time period t which value isgenerated by the random-number generator 20; sending the present signalto other user, and after the expiration of the signal sending time andbefore the time T comes, transmitting a random signal generated by therandom-number generator 20; when the time T comes, automaticallystopping transmission of the random signal and starting simultaneoustransmission of electronic-document-transmission-acknowledgementpasswords 63 in the encrypted form, said random signal and thecryptogram of passwords having identical characteristics. This techniqueallows avoidance of deliberated fail in transmission of last bytes ofelectronic-document-transmission-acknowledgement passwords, because thetransmission termination time becomes unknown in this case.

The following method permits to guarantee simultaneous signing anelectronic document with electronic digital signatures by at least twousers through communications link. For this purpose, users make anexchange of a copy of the electronic document 60 preliminary signed byeveryone with his or her own electronic digital signature, and afterreception, disabling in the PROM 13 and acquaintance with the receivedelectronic documents, at least one of users inputs a command ofsimultaneous signing the present electronic document; a signal in theencrypted form is sent to other user, said signal containing informationon simultaneous signing the electronic document and being outputted tothe user; after the exchange of theelectronic-document-transmission-acknowledgement passwords 63, there isthe step of automatically signing the electronic documents in each ofthe personal cryptoprotective complexes 34 and 35 with the electronicdigital signature of the user. When parties have mutually signed theelectronic document, the command of simultaneous signing the electronicdocument allows removal the protection against copying from the presentelectronic document for free acquaintance of any user with the presentelectronic document.

The information-processing program 22 (FIG. 14) of personalcryptoprotective complexes allows transmission of messages in anelectronic letter mode at notice of reception of the electronic messageby the addressee. Thus it is guaranteed that the addressee can read themessage only under condition of reception by the sender of theelectronic notice with the electronic signature of the addressee abouthis or her reception of the present electronic letter. For this purpose,the structure of the information processing program 22 includes atypical form of a notice sheet to which will automatically be put anelectronic letter number generated by the random-number generator 20prior to send the electronic letter, and an electronic signature of theuser who is a recipient of the electronic letter. The message firstreceived by the addressee is in the encrypted form from which thepersonal cryptoprotective complex of the recipient decrypts a servicepart of the message containing the electronic letter number andinformation that the present message is an electronic letter at notice.The procedure of sending and reception of the electronic letter atnotice looks as follows: in one of the personal cryptoprotectivecomplexes—34, inputting a command 86 to send the electronic letter atnotice and inputting information; adding a number N-88 generated by therandom-number generator 20 to the present information, separating saidnumber by means of earlier inputted service symbols 47 and encryptingthe information by said number with application of a decryption password48; in accordance with said command 86, recording the decryptionpassword 48 to the PROM 13 of the personal cryptoprotective complex 34and marking said passwords with said number 88; generating theelectronic letter at notice from the inputted encrypted information 45and the service information 54 added thereto, separated with earlierinputted service symbols 47, containing the number 88 that correspondsto a number of information and the decryption password 48, and having acommand included therein and indicating that the present information isan electronic letter at notice. Then there are the steps of: outputtinga copy of the encrypted electronic letter at notice for record to themedium; establishing a cryptoprotective communication session with thecertain user 35 using the personal cryptoprotective complexes, andtransmitting the electronic letter 87 at notice; receiving information;decrypting the service information, finding the number 88 to be recordedto the PROM 13, and a command that the received encrypted information isan electronic letter at notice; and outputting the present command tothe user 89. In accordance with said command and a command 90 inputtedby the recipient—to send a notice on reception of said message to thesender, there are the steps of: generating the electronic document inthe form of a preliminary inputted typical notice sheet 92; inputtingthe number 88 to said sheet, said number corresponding to a number ofthe received information; and signing the present electronic documentwith the electronic signature 24 of the user, said signature containingthe current date and time; sending a predetermined signal 91 in theencrypted form to other user, said signal containing information thatacknowledges presence of the notice. There are the following steps afterthe sending and respective reception of said signal 91: simultaneouschanging the electronic notice sheet for the electronic letterdecryption password 48; receiving the electronic letter decryptionpassword 48 to the personal cryptoprotective complex 35 of therecipient; using said password to decrypt information received in theelectronic letter 87 at notice and outputting said information to theuser; receiving the electronic document being the notice-of-receptionsheet of the electronic letter at notice to the personalcryptoprotective complex 34 of the sender; decrypting said electronicdocument and inputting it to the user and recording a cryptogram of thenotice sheet to the medium.

If e-mail is used to send the electronic letter at notice, a nodecomputer (server) is used with a node cryptoprotective complex connectedthereto. Further, there are the following steps: in the personalcryptoprotective complex of the sender, inputting a command to send theelectronic letter at notice and inputting information; adding a numberN-88 generated by the random-number generator 20, to the presentinformation, separating said number by means of earlier inputted servicesymbols 47, inputting an individual number I-19 of the personalcryptoprotective complex of the addressee, producing a random numberZ-36; based on the inputted number I and the random number Z, encryptingthe information, including the added random number N-88; in accordancewith said command, recording the random number Z to the PROM 13 of thepersonal cryptoprotective complex 34 and marking it with said randomnumber N; generating the electronic letter at notice from the inputtedencrypted information and service information added thereto, separatedwith earlier inputted service symbols 47, containing the number thatcorresponds to the number N of information, and having a commandincluded therein and indicating that the present information is anelectronic letter at notice; outputting a copy of the encryptedelectronic letter at notice for record to the medium; transmitting theelectronic letter at notice to the node computer, establishing acryptoprotective communication session with a node cryptoprotectivecomplex connected to the node computer, transmitting the random numberZ-36 to be stored in the node cryptoprotective complex; receiving theelectronic letter at notice from the node computer to the personalcryptoprotective complex 35 of the addressee, decrypting the serviceinformation, finding the number N to be recorded to the PROM 13, and acommand that the received encrypted information is an electronic letterat notice; and outputting the present command to the user. In accordancewith said command and a command inputted by the recipient—to send anotice on reception of said message to the sender, there are the stepsof: generating the electronic document in the form of a preliminaryinputted typical notice sheet; inputting the number N to said sheet,said number corresponding to a number of the received information; andsigning the present electronic document with the electronic signature ofthe user, said signature containing the current date and time; sending apredetermined signal in the encrypted form to the node cryptoprotectivecomplex via the node computer, said signal containing information thatacknowledges presence of the notice; there are the following steps afterthe sending and respective reception of said signal: simultaneouschanging the electronic notice sheet for the random number Z-36;receiving the random number Z-36 to the personal cryptoprotectivecomplex 35 of the recipient, outputting the individual number I-19 ofthe personal cryptoprotective complex and generating a single-usedecryption key 38 of the basis of said numbers; decrypting informationreceived in the electronic letter at notice and outputting saidinformation to the user. Next, in the personal cryptoprotective complex34 of the sender there are the steps of receiving the electronicdocument being the notice-of-reception sheet of the electronic letter atnotice to the personal cryptoprotective complex of the sender from thenode cryptoprotective complex via the node computer; decrypting saidelectronic document and inputting it to the user and recording acryptogram of the notice sheet to the medium.

Application of personal cryptoprotective complexes for settlements inelectronic bank bills and electronic cash permits to convert the presentmeans of settlement into electronic money of incompatible paymentsystems. And, with a view of safety, the procedure of converting hasunidirectional character, i.e. the backward converting of electronicmoney from plastic cards into electronic cash or electronic bills isundesirable. To realize the procedure of converting, the user will needa plastic card reader compatible with a personal cryptoprotectivecomplex. Besides, the present procedure is feasible only after certaininteractions of personal cryptoprotective complexes of a user and a bankhaving said user as a client, exactly, if it is supposed to convertelectronic cash or unlimited electronic bank bills, there are the stepsof:

Generating an electronic document in a personal cryptoprotective complexof a bank by means of a program included in structure of the informationprocessing program 22 with application of predetermined service symbols47, said document being intended for a certain user and including anelectronic banknote signed by band and conditions of the bank in theform of certain commands; establishing a cryptoprotective communicationsession between the bank and the user with application of personalcryptoprotective complexes; and transmitting the generated electronicdocument to the user. Then, there are the steps of: receiving saidelectronic document to the personal cryptoprotective complex of the userand decrypting the electronic document, determining service symbols 47,using them to determine commands and the electronic banknote signed bybank, recording the electronic banknote to the PROM 13 of the personalcryptoprotective complex and disabling (freezing) said banknote tillreception of certain commands and conformity with conditions of the bankcontained in received commands of the electronic document. Then, thereare the steps of: receiving electronic cash or electronic bank bills tothe personal cryptoprotective complex of the user; inputting a user'scommand to enable (defreeze) the electronic banknote signed by bank; inaccordance with the user's command, checking the PROM 13 for presence ofelectronic cash or electronic bank bills and their conformity with theconditions of the bank in the sum, currency and other attributes; incase of conformity with the conditions of the bank, disabling (freezing)the sum of electronic cash or electronic bank bills determined by thepresent condition and simultaneously enabling (de-freezing) theelectronic banknote, wherein the sum of disabled (frozen) electroniccash or bills according to the conditions of the bank may exceed the sumof the electronic banknote. Next, there are the steps of: connecting amedium (a plastic card) to the personal cryptoprotective complex of theuser by means of the terminal 2 and transmitting the electronic banknoteto the present medium, making a payment transaction by said electronicbanknote with use of the present medium; in the bank, receiving thepresent electronic banknote, put it into a register, and in case ifdenomination of the electronic banknote is higher than the sum ofpayment, refunding change to the medium of the user, billing the sum ofthe spent electronic banknote minus change to the bank account of theuser from the moment of making the transaction, and simultaneouslyinputting information of an amount of credit in the form ofpredetermined commands to the personal cryptoprotective complex of thebank. Then, there are the steps of: connecting the personalcryptoprotective complex of the user to the personal cryptoprotectivecomplex of the bank, establishing a cryptoprotective communicationsession between them, identifying the personal cryptoprotectivecomplexes and inputting a command for repayment of the credit;calculating the sum for enabling in accordance with the sum and term ofthe credit; enabling (de-freezing) the sum of electronic cash orelectronic bank bills determined by calculation; transmitting the sumnecessary for repayment of the credit to the personal cryptoprotectivecomplex of the bank while the residuary part of the enabled (de-frozen)sum remains at the order of the user.

If it is supposed to convert urgent or unlimited electronic bank bills,the following procedures take place. Using a program preliminaryincorporated in structure of the information processing program 22 inthe personal cryptoprotective complex of the bank, an electronicdocument is generated with application of predetermined service symbols47, said document being intended for a certain user and include anelectronic banknote signed by the bank, conditions of the bank in theform of certain commands; next, there are the steps of: establishing acryptoprotective communication session between the bank and the userwith application of the personal cryptoprotective complexes, andtransmitting the generated electronic document to the user; receivingsaid electronic document to the personal cryptoprotective complex of theuser and decrypting it, determining service symbols 47, using saidsymbols to determine commands and the electronic banknote signed by thebank; recording the electronic banknote to the PROM 13 of the personalcryptoprotective complex and disabling (freezing) it till reception ofcertain commands and conformity with the conditions of the bankcontained in received commands of the electronic document. Next, thereare the steps of: receiving electronic bank bills to the personalcryptoprotective complex of the user from a personal cryptoprotectivecomplex of other user; inputting a user's command to enable (defreeze)the electronic banknote signed by bank. Then, there are the steps of: inaccordance with the user's command, checking the PROM 13 for presence ofan electronic bank bill and its conformity with the conditions of thebank in the sum, currency and other attributes; reading data 24 of theuser to which the electronic bill was addressed, said data includingindividual number 19 of the personal cryptoprotective complex of saiduser. If the electronic bill is in conformity with the conditions of thebank, there are the steps of: enabling (de-freezing) the electronicbanknote with simultaneous reduction of a face value of said electronicbill by the sum corresponding to the sum of the electronic banknote,wherein the encrypted information containing the user's data 24 and 19taken from said electronic bill is added to the electronic banknote;connecting a medium (a plastic card) to the personal cryptoprotectivecomplex of the user by means of the terminal 2 and transmitting theelectronic banknote to the present medium. Next, there are the steps of:making a payment transaction by said electronic banknote with use of thepresent medium; in the bank, receiving the present electronic banknoteand decrypting information added thereto; from said information,determining a user account where a mortgage amount on said electronicbill is stored and writing-off a sum from said amount, said sumcorresponding to the received electronic banknote; putting theelectronic banknote into a register, and if denomination of theelectronic banknote is higher than the sum of payment, refunding changeto the medium of the user.

When the user's data 24, including the number 19 of the personalcryptoprotective complex of the user and contained in the electronicbill, coincides with similar data in the ROM 17 of the personalcryptoprotective complex of the user, there are the steps of: enabling(de-freezing) the electronic banknote including a user account number,with simultaneous reduction of a face value of said electronic bill bythe sum corresponding to the sum of the electronic banknote; connectingthe medium to the personal cryptoprotective complex of the user by meansof the terminal and transmitting the electronic banknote to the presentmedium without addition of additional data to the electronic banknote.

Next there are the steps of: making a payment transaction by means ofthe present medium; in the bank, receiving the present electronicbanknote; determining from said banknote a user account where a mortgageamount on said electronic bill is stored, and writing-off a sum fromsaid amount, said sum corresponding to the received electronic banknote;putting the electronic banknote into a register, and if denomination ofthe electronic banknote is higher than the sum of payment, refundingchange to the medium of the user.

INDUSTRIAL APPLICABILITY

The system may be realized on the base of a RISC processor, and on thebasis of processors Intel 80x86 for protection of computer programsagainst the non-authorized copying. The system as a whole may berealized on the basis of IBM PC by embedding a microprocessor, a RAM, aclock and an accumulator of a personal computer into the protectiveoptical sheath provided with a built-in cryptokernel.

1-55. (canceled)
 56. A method for transmission of information withprotection against copying with use of a personal cryptoprotectivecomplex, the method comprising: in a ROM of each of personalcryptoprotective complexes, storing copies of a mother code being a setof random numbers (M1, M2, . . . , MN), encryption, decryption andinformation processing programs, wherein record is carried out in aprotected way only in said personal cryptoprotective complexes, said wayexcluding the possibility of recording to other media and modifying saidprograms, as well as personal data of a user including his or herelectronic signature and other attributes used for execution ofcryptoprotective operations and generation of electronic documents, andsetting date and time in a built-in clock; in the input of user'sinformation to the personal cryptoprotective complex, inputting user'scommands to establish a mode of processing the user's information, togenerate a non-copied electronic document, and processing the inputteduser's information; in accordance with the established mode ofprocessing the user's information and the earlier received information,generating service information by means of the information processingprogram, and combining the service information with the processed user'sinformation to obtain an electronic document, attributes of theelectronic document in the form of service information being separatedfrom the processed user's information by means of service symbols, andin accordance with a user's command to generate a non-copied electronicdocument, including a command in the service information, said commandbeing intended for the personal cryptoprotective complexes and being inthe form of a typical set of symbols inputted earlier to the ROM instructure of the information processing program, and storing theobtained electronic document in a section of the ROM intended fornon-copied electronic documents of the personal cryptoprotectivecomplex; establishing a protected communication session with applicationof the personal cryptoprotective complexes on the basis of a single-usekey of the communication session generated using random numbers, andinputting a user's command to transmit the non-copied electronicdocument recorded in the PROM to other subscriber of the establishedcommunication session; encrypting the electronic document by adynamically transformable daughter code while reading an electronicdocument inability-for-copying command out of the service information,establishing the protection against modification to the encryptedinformation, and transmitting the encrypted information to anotherpersonal cryptoprotective complex; upon termination of transmission ofthe non-copied electronic document, disabling it for a predeterminedtime period T1 in the PROM according to said inability-for-copyingcommand; receiving the electronic document and decrypting the electronicdocument, establishing the reliability of information by check forabsence of distortions in said information, searching for and selectingservice information from decrypted information by means of servicesymbols, using the service symbols to find the service informationcontaining the electronic document inability-for-copying command,recording the electronic document to the section of the PROM intendedfor non-copied electronic documents, and disabling said document for thepredetermined time period T1; generating anelectronic-document-loading-acknowledgement password in the personalcryptoprotective complex of a receiving party and transmitting theelectronic-document-loading-acknowledgement password in the encryptedform to the personal cryptoprotective complex of a sending party; incase if the sender does not receive theelectronic-document-loading-acknowledgement password from the recipientduring the time period T1, enabling the electronic document in the PROMof the personal cryptoprotective complex of the sender, while ignoringthe subsequent reception of said password; in case if the recipient doesnot send the electronic-document-loading-acknowledgement password to thesender during the time period T1, deleting the electronic document fromthe PROM of the personal cryptoprotective complex; receiving theelectronic-document-loading-acknowledgement password in the personalcryptoprotective complex of the sending party, generating anelectronic-document-transmission-acknowledgement password, andrequesting a user acknowledgement in response to the sending of thepresent password to the personal cryptoprotective complex of thereceiving party; in case if the user gives no acknowledge in response tothe sending of the password during a predetermined time period T2, then,on the expiration of said time period, automatically enabling saidelectronic document in the PROM of the personal cryptoprotective complexof the sender, and automatically deleting said electronic document inthe PROM of the personal cryptoprotective complex of the recipient; incase if the user acknowledges the sending of the password during thetime period T2, sending the present password in the encrypted form tothe personal cryptoprotective complex of the recipient, wherein saidelectronic document is automatically deleted from PROM of the personalcryptoprotective complex of the sender, and said electronic document isautomatically enabled in the PROM of the personal cryptoprotectivecomplex of the recipient when he or she has received saidelectronic-document-transmission-acknowledgement password, followed byinputting user's commands, establishing a mode of processing thedecrypted information according to the user's commands received from theservice information and according to the earlier inputted informationand the information processing program, and outputting the processedinformation to the user together with service symbols that authenticateattributes of the received electronic document.
 57. The method accordingto claim 56, further comprising: receiving decrypted information to thepersonal cryptoprotective complex, said information being the non-copiedelectronic document containing a variable face value denoted in apredetermined way by service symbols; decrypting said information andrecording the received electronic document to the ROM of the personalcryptoprotective complex; determining service symbols in the electronicdocument by means of the information-processing program; determining avariable face value information of the electronic document in serviceinformation, and outputting said variable face value information to theuser; subdividing the electronic document into arbitrary parts bychanging face values of parts using the information processing programin such a manner that their total sum remains invariable, wherein othercharacteristics and attributes of parts of the electronic document alsoremain unchangeable; sending parts of the electronic document to otherpersonal cryptoprotective complexes; receiving several identicalelectronic documents with variable face values to the personalcryptoprotective complex and automatically collecting said documentsusing the information-processing program into a unified electronicdocument by summing their face values.
 58. The method according to claim57, wherein the electronic document with a variable face value is anelectronic bank bill of exchange with a predetermined time forrepayment, wherein the service information of said bill contains data ofa bank drawn the bill, including electronic digital signatures of thebank generated using a personal cryptoprotective complex, data of a userwho has received the bill, currency and a face value of the bill as wellas a bill repayment date after which the bank will enable a mortgageamount of money left at a user's account that will be transferred aheadof time to any holder of the present electronic bill or its part afterreception of the electronic bill to the personal cryptoprotectivecomplex of the bank, identify data of the electronic bill and determineits face value, and if the date of repayment indicated in the bill isnot later than a current date, the holder will obtain the sumcorresponding to the face value of the presented electronic bill. 59.The method according to claim 56, further comprising: adding a temporaryindividual number generated by a random-number generator to theelectronic document, and an arbitrary inputted value of the time periodT2, said number and value being encrypted together with the electronicdocument; inputting a command to transmit the electronic document toother user during the protected communication session or in theencrypted electronic letter; when the transmission of the presentelectronic document terminates, disabling said document for apredetermined time period T1 in the PROM of the sender and marking saiddocument with an assigned temporary individual number; in case offailures in transmission of the electronic document, the senderrepeatedly sends the present electronic document with the sameaccompanying data; receiving the electronic document and decrypting theelectronic document, establishing the reliability of information bycheck for absence of distortions in the information; searching for andselecting service information from the decrypted information by means ofservice symbols, using service symbols to find service informationcontaining an electronic document inability-for-copying command and thetemporary individual number of the present document; collating saidnumber for presence of a disabled electronic document having the samenumber in the PROM, and in case if coincidence is absent, recording theelectronic document to the section of the PROM intended for non-copiedelectronic documents, marking it with the assigned temporary individualnumber and disabling the electronic document for the predetermined timeperiod T1; in the personal cryptoprotective complex of the receivingparty, generating an electronic-document-loading-acknowledgementpassword on the basis of a random number, automatically adding saidtemporary individual number of the present electronic document to saidpassword, recording a password to the PROM, and transmitting theelectronic-document-loading-acknowledgement password in the encryptedform to the personal cryptoprotective complex of the sending partyduring the protected communication session or in the encryptedelectronic letter; receiving theelectronic-document-loading-acknowledgement password in the personalcryptoprotective complex of the sending party, finding the disabledelectronic document in the PROM, said document being marked by numbercorresponding to a number received with the password, and in case ofpresence of the disabled electronic document and coincidence of numbersthere is the step of generating anelectronic-document-transmission-acknowledgement password with use ofelectronic-document-loading-acknowledgement password, said temporaryindividual number of the electronic document being automaticallyincluded therein; requesting a user acknowledgement for sending saidpassword to the personal cryptoprotective complex of the receivingparty; in case if the user does not give acknowledgement for sending thepassword during an arbitrary time period T2 which value was inputtedbeforehand by the sender in establishment of an electronic documentsending mode, then after the expiration of a predetermined period oftime there are the steps of: automatically enabling said electronicdocument in the PROM of the personal cryptoprotective complex of thesender; and automatically deleting said electronic document in the PROMof the personal cryptoprotective complex of the recipient; in case ifthe user gives acknowledgement for sending the password during the timeperiod T2, then sending said password in the encrypted form to thepersonal cryptoprotective complex of the recipient, wherein saidelectronic document is automatically deleted from the PROM of thepersonal cryptoprotective complex of the sender, and when the recipienthas received the electronic-document-transmission-acknowledgementpassword, there is the step of finding the disabled electronic documentand the recorded copy of the electronic-document-loading-acknowledgementpassword in the PROM of the personal cryptoprotective complex of therecipient, said document and said copy being denoted by numbercorresponding the number received with the password, and only in case ofpresence of the disabled electronic document, coincidence of numbers andpresence of a direct association between passwords, said electronicdocument is automatically enabled; recording the electronic document tothe section of the PROM of the personal cryptoprotective complex,intended for non-copied electronic documents and closed for users of thePROM, and deleting said temporary individual number; in case of failuresin transmission of the electronic document or acknowledgement passwords,users carry out the backup of transmission.
 60. The method according toclaim 59, further comprising: adding an individual number N1 of thepersonal cryptoprotective complex where from theelectronic-document-transmission-acknowledgement password will be sent,a temporary individual number N2 generated by the random-numbergenerator, and an infinite value T2 of the time period to be inputted bythe user, said number and value being encrypted together with theelectronic document, to the transmittable electronic document; inputtinga command to transmit the electronic document to other user in processof the protected communication session; when the transmission of thepresent electronic document terminates, enabling said document for apredetermined time period T1 in the PROM of the sender and marking saiddocument with said assigned number N2; receiving the electronic documentand decrypting the electronic document, establishing the reliability ofinformation by check for absence of distortion in information; searchingfor and selecting service information from the decrypted information bymeans of service symbols, using said service symbols to find serviceinformation containing an electronic document inability-for-copyingcommand and numbers of said document, recording the electronic documentto the section of the PROM intended for non-copied electronic documents,marking said document with its assigned number N2 and disabling theelectronic document for the predetermined time period T1; in thepersonal cryptoprotective complex of the receiving party, generating theelectronic-document-loading-acknowledgement, automatically adding saidnumber N2 of the present electronic document to said password andtransmitting the result in the encrypted form to the personalcryptoprotective complex of the sending party during the same or otherprotected communication session; receiving theelectronic-document-loading-acknowledgement of the electronic documentin the personal cryptoprotective complex of the sending party, findingthe disabled electronic document in the PROM, said document being markedby number N2 corresponding to the number received with the password, andin case of presence of the disabled electronic document and coincidenceof numbers, deleting the present electronic document from the PROM,because the time period T2 is equal to an infinite value; in thepersonal cryptoprotective complex whose individual number corresponds tothe number N1 assigned to the electronic document, inputting a numericalvalue corresponding to the number N2 of the electronic document,generating the electronic-document-transmission-acknowledgement passwordwhile automatically including therein own individual numbercorresponding to N1 and the inputted number N2; sending the presentpassword in the encrypted to the personal cryptoprotective complex ofthe recipient of the electronic document; when the personalcryptoprotective complex of the recipient has received theelectronic-document-transmission-acknowledgement password in its PROM,finding the disabled electronic document marked by the number N2corresponding to the number received with the password, collating thenumbers N1 in the electronic document and in the password, and only ifcoincidence of numbers takes place, automatically enabling saidelectronic document; recording the electronic document to the section ofthe PROM of the personal cryptoprotective complex, intended fornon-copied electronic documents, and deleting the added numbers N1 andN2.
 61. The method according to claim 59, further comprising: adding thetemporary individual number generated by the random-number generator andan infinite value T2 of the time period, said number and value beingencrypted together with the electronic document, to the transmittableelectronic document; inputting a command to generate saidelectronic-document-transmission-acknowledgement password; generating anelectronic-document-acknowledgement password, assigning a number and avariable face value, if any, thereto, said number and variable facevalue corresponding to the temporary number and temporary face value ofthe electronic document; transmitting theelectronic-document-acknowledgement password in the encrypted formduring a cryptoprotective communication session to a certain user orkeeping said password in own personal cryptoprotective complex;disabling the electronic document for an arbitrary time period T1 in thePROM of the personal cryptoprotective complex, making copies of theelectronic document and transmitting them to other users in process ofthe cryptoprotective communication session or in an encrypted electronicletter; after the expiration of the time period T1, deleting theelectronic document from the PROM of the sender; receiving copies of theelectronic document, decrypting the electronic document, searching forand selecting service information from the decrypted information bymeans of service symbols; finding a mark that there is a copy of theelectronic document, and a temporary individual number of the presentdocument, recording the electronic document to the PROM and marking itwith the assigned temporary individual number; receiving theelectronic-document-transmission-acknowledgement password to a personalcryptoprotective complex of a user who has received the electronicdocument copy, finding said electronic document copy marked with thenumber corresponding to the number received with the password in thePROM, and if the numbers coincide, removing the mark that there is acopy from the electronic document copy, and then recording theelectronic document to the section of the PROM of the personalcryptoprotective complex, intended for non-copied electronic documentsand closed for users of the PROM, and deleting said temporary individualnumber; after the transmission of said password, deleting it from thePROM in the personal cryptoprotective complex of the sender of theelectronic-document-transmission-acknowledgement password, and if a partof the password is transmitted with a variable face value, decreasing aface value of a part of said password residuary in the PROM by the sumequal to the transmitted part.
 62. A method for transmission ofinformation with protection against copying with use of a personalcryptoprotective complex, the method comprising: in a ROM of each ofpersonal cryptoprotective complexes, storing copies of a mother codebeing a set of random numbers (M1, M2, . . . , MN), encryption,decryption and information processing programs, wherein record iscarried out in a protected way only in said personal cryptoprotectivecomplexes, said way excluding the possibility of recording to othermedia and modifying said programs; storing an individual number of thepersonal cryptoprotective complex as well as other attributes used forexecution of cryptoprotective operations in the ROM and setting date andtime in a built-in clock; generating a decryption password on the basisof a random number and recording it to a section of a PROM intended fornon-copied decryption passwords and closed for users; generating adynamically transformable daughter code on the basis of the mother codeand the decryption password; inputting information, including a computerprogram, to the personal cryptoprotective complex, and making itsencryption using said decryption password; outputting the encryptedinformation to a user for record to a medium or for transmission toother user; inputting a command to transmit the decryption password toother user in process of the protected communication session; encryptingthe decryption password on the basis of a single-use key generated usingat least one random number, and outputting said password fortransmission; according to the fact that the decryption password has thestatus of a non-copied electronic document, upon termination oftransmission of the present electronic document, disabling it for apredetermined time period T1 in the PROM; receiving the electronicdocument and decrypting the electronic document, establishing thereliability of information by check for absence of distortions in saidinformation, searching for and selecting service information fromdecrypted information by means of service symbols, using the servicesymbols to find the service information containing an electronicdocument inability-for-copying command, recording the electronicdocument to the section of the PROM intended for non-copied electronicdocuments, and disabling said document for the predetermined time periodT2; generating an electronic-document-loading-acknowledgement passwordin the personal cryptoprotective complex of a receiving party andtransmitting the electronic-document-loading-acknowledgement password inthe encrypted form to the personal cryptoprotective complex of a sendingparty; in case if the sender does not receive theelectronic-document-loading-acknowledgement password from the recipientduring the time period T1, enabling the electronic document in the PROMof the personal cryptoprotective complex of the sender, while ignoringthe subsequent reception of said password; in case if the recipient doesnot send the electronic-document-loading-acknowledgement password to thesender during the time period T1, deleting the electronic document fromthe PROM of the personal cryptoprotective complex; receiving theelectronic-document-loading-acknowledgement password in the personalcryptoprotective complex of the sending party, generating anelectronic-document-transmission-acknowledgement password, andrequesting a user acknowledgement in response to the sending of thepresent password to the personal cryptoprotective complex of thereceiving party; in case if the user gives no acknowledge in response tothe sending of the password during the predetermined time period T2,then, on the expiration of said time period, automatically enabling saidelectronic document in the PROM of the personal cryptoprotective complexof the sender, and automatically deleting said electronic document inthe PROM of the personal cryptoprotective complex of the recipient; incase if the user acknowledges the sending of the password during thetime period T2, sending the present password in the encrypted form tothe personal cryptoprotective complex of the recipient, wherein saidelectronic document is automatically deleted from PROM of the personalcryptoprotective complex of the sender, and said electronic document isautomatically enabled in the PROM of the personal cryptoprotectivecomplex of the recipient when he or she has received saidelectronic-document-transmission-acknowledgement password; recording thedecryption password to the section of the PROM intended for non-copiedelectronic documents and closed for users of the PROM; inputtinginformation, including a computer program, to the personalcryptoprotective complex and decryption said information on the basis ofthe dynamically transformable code generated using the decryptionpassword read out of the PROM; in case of decryption of a computerprogram, connecting the personal cryptoprotective complex to a computer,recording a decrypted fragment of the program to a RAM of the personalcryptoprotective complex, executing only a part of operations in amicroprocessor of the personal cryptoprotective complex compatible tothe computer, while executing another part in the microprocessor of thecomputer.
 63. The method according to claim 62, further comprising:inputting a user's command to limit a validity period of the decryptionpassword in time or quantity of events of use; including appropriateservice commands in the decryption password and selecting them by meansof service symbols; encrypting the received service commands instructure of the decryption password, and outputting them for thefurther record to a medium or transmission to other user while storingthe decryption password in the PROM, simultaneously disabling the accessto the decryption password residuary in the PROM of the personalcryptoprotective complex of the user for a predetermined time interval;inputting or accordingly receiving the encrypted decryption passwordwith service commands included therein; selecting service commands bymeans of service symbols, and executing operations with the presentdecryption password according to the received commands from the serviceinformation, exactly: deleting the decryption password from the memoryof the personal cryptoprotective complex after the expiration of timepointed in the service information or after use of the decryptionpassword as much times as indicated in the service information.
 64. Themethod according to claim 62, further comprising: inputting a command totransmit the decryption password to other user in an encryptedelectronic letter; adding service information separated by means ofservice symbols to the decryption password, with the indication of theindividual number of the personal cryptoprotective complex of therecipient, and also of date and time after which expiration therecipient of the present decryption password can transmit said passwordto other users of personal cryptoprotective complexes; simultaneously,generating an electronic letter in the personal cryptoprotective complexof the sender of the decryption password, said letter including thedecryption password with the service information added thereto, withadditional indication of the date and time in the form of serviceinformation as well, and the personal cryptoprotective complex of theelectronic letter recipient will be able to decrypt said message onlybefore the expiration of said date and time, wherein the date and timeof decrypting the electronic letter should be indicated earlier than oridentical to the date and time indicated in the service information ofthe decryption password; encrypting the generated electronic letter withthe dynamically transferable code based on the single-use key generatedfrom a random number and the individual number of the personalcryptoprotective complex of the recipient of the present electronicletter, and adding said random number to the encrypted electronicletter; outputting the encrypted electronic letter and the random numberfor transmission to the addressee together with information decrypted bymeans of the decryption password; recording the encrypted electronicletter containing the decryption password together with the randomnumber to a medium or transmitting said letter through a communicationlink, and upon termination of transmission, deleting the encryptionpassword from the PROM of the personal cryptoprotective complex of thesender; receiving the encrypted electronic letter, the random number andthe encrypted information; inputting the random number to the RAM of thepersonal cryptoprotective complex, and reading the individual number ofthe personal cryptoprotective complex out of the ROM and recording it tothe RAM as well; generating a single-use key on the basis of theinputted random number and the read-out individual number; generatingthe dynamically transformable code on the basis of the single-use keyand inputting the encrypted electronic letter to the personalcryptoprotective complex; decrypting the electronic letter using thedynamically transformable code and recording the decrypted text of theelectronic letter to the RAM; defining service information by means ofservice symbols, finding the service information with indication of thefinal date and time of decrypting the electronic letter and collatingthem with the date and time in the built-in clock, and in case if thefinal date and time are later than the current date and time, deletingthe present electronic letter from the RAM; finding the decryptionpassword, which includes the date and time after which expiration thedecryption password may be transmitted to other users, and recordingsaid decryption password to the section of the PROM of the personalcryptoprotective complex, intended for non-copied decryption passwordsand closed for users of the PROM; inputting information, including acomputer program, to the personal cryptoprotective complex anddecrypting said information on the basis of the dynamicallytransformable code generated using the decryption password read out ofthe PROM; wherein, after the expiration of date and time pointed in theservice information included in the decryption password, deleting thepresent service information from the PROM, with simultaneous removal ofthe restriction on the further transmission of the decryption passwordto other users.
 65. The method according to claim 62, furthercomprising: adding a temporary individual number generated by arandom-number generator to the electronic document, and an arbitraryinputted value of the time period T2, said number and value beingencrypted together with the electronic document; inputting a command totransmit the electronic document to other user during the protectedcommunication session or in the encrypted electronic letter; when thetransmission of the present electronic document terminates, disablingsaid document for a predetermined time period T1 in the PROM of thesender and marking said document with an assigned temporary individualnumber; in case of failures in transmission of the electronic document,the sender repeatedly sends the present electronic document with thesame accompanying data; receiving the electronic document and decryptingthe electronic document, establishing the reliability of information bycheck for absence of distortions in the information; searching for andselecting service information from the decrypted information by means ofservice symbols, using service symbols to find service informationcontaining an electronic document inability-for-copying command and thetemporary individual number of the present document; collating saidnumber for presence of a disabled electronic document having the samenumber in the PROM, and in case if coincidence is absent, recording theelectronic document to the section of the PROM intended for non-copiedelectronic documents, marking it with the assigned temporary individualnumber and disabling the electronic document for the predetermined timeperiod T1; in the personal cryptoprotective complex of the receivingparty, generating an electronic-document-loading-acknowledgementpassword on the basis of a random number, automatically adding saidtemporary individual number of the present electronic document to saidpassword, recording a password to the PROM, and transmitting theelectronic-document-loading-acknowledgement password in the encryptedform to the personal cryptoprotective complex of the sending partyduring the protected communication session or in the encryptedelectronic letter; receiving theelectronic-document-loading-acknowledgement password in the personalcryptoprotective complex of the sending party, finding the disabledelectronic document in the PROM, said document being marked by numbercorresponding to a number received with the password, and in case ofpresence of the disabled electronic document and coincidence of numbersthere is the step of generating anelectronic-document-transmission-acknowledgement password with use ofelectronic-document-loading-acknowledgement password, said temporaryindividual number of the electronic document being automaticallyincluded therein; requesting a user acknowledgement for sending saidpassword to the personal cryptoprotective complex of the receivingparty; in case if the user does not give acknowledgement for sending thepassword during an arbitrary time period T2 which value was inputtedbeforehand by the sender in establishment of an electronic documentsending mode, then after the expiration of a predetermined period oftime there are the steps of: automatically enabling said electronicdocument in the PROM of the personal cryptoprotective complex of thesender; and automatically deleting said electronic document in the PROMof the personal cryptoprotective complex of the recipient; in case ifthe user gives acknowledgement for sending the password during the timeperiod T2, then sending said password in the encrypted form to thepersonal cryptoprotective complex of the recipient, wherein saidelectronic document is automatically deleted from the PROM of thepersonal cryptoprotective complex of the sender, and when the recipienthas received the electronic-document-transmission-acknowledgementpassword, there is the step of finding the disabled electronic documentand the recorded copy of the electronic-document-loading-acknowledgementpassword in the PROM of the personal cryptoprotective complex of therecipient, said document and said copy being denoted by numbercorresponding the number received with the password, and only in case ofpresence of the disabled electronic document, coincidence of numbers andpresence of a direct association between passwords, said electronicdocument is automatically enabled; recording the electronic document tothe section of the PROM of the personal cryptoprotective complex,intended for non-copied electronic documents and closed for users of thePROM, and deleting said temporary individual number; in case of failuresin transmission of the electronic document or acknowledgement passwords,users carry out the backup of transmission.
 66. The method according toclaim 65, further comprising: adding an individual number N1 of thepersonal cryptoprotective complex where from theelectronic-document-transmission-acknowledgement password will be sent,a temporary individual number N2 generated by the random-numbergenerator, and an infinite value T2 of the time period to be inputted bythe user, said number and value being encrypted together with theelectronic document, to the transmittable electronic document; inputtinga command to transmit the electronic document to other user in processof the protected communication session; when the transmission of thepresent electronic document terminates, enabling said document for apredetermined time period T1 in the PROM of the sender and marking saiddocument with said assigned number N2; receiving the electronic documentand decrypting the electronic document, establishing the reliability ofinformation by check for absence of distortion in information; searchingfor and selecting service information from the decrypted information bymeans of service symbols, using said service symbols to find serviceinformation containing an electronic document inability-for-copyingcommand and numbers of said document, recording the electronic documentto the section of the PROM intended for non-copied electronic documents,marking said document with its assigned number N2 and disabling theelectronic document for the predetermined time period T1; in thepersonal cryptoprotective complex of the receiving party, generating theelectronic-document-loading-acknowledgement, automatically adding saidnumber N2 of the present electronic document to said password andtransmitting the result in the encrypted form to the personalcryptoprotective complex of the sending party during the same or otherprotected communication session; receiving theelectronic-document-loading-acknowledgement of the electronic documentin the personal cryptoprotective complex of the sending party, findingthe disabled electronic document in the PROM, said document being markedby number N2 corresponding to the number received with the password, andin case of presence of the disabled electronic document and coincidenceof numbers, deleting the present electronic document from the PROM,because the time period T2 is equal to an infinite value; in thepersonal cryptoprotective complex whose individual number corresponds tothe number N1 assigned to the electronic document, inputting a numericalvalue corresponding to the number N2 of the electronic document,generating the electronic-document-transmission-acknowledgement passwordwhile automatically including therein own individual numbercorresponding to N1 and the inputted number N2; sending the presentpassword in the encrypted to the personal cryptoprotective complex ofthe recipient of the electronic document; when the personalcryptoprotective complex of the recipient has received theelectronic-document-transmission-acknowledgement password in its PROM,finding the disabled electronic document marked by the number N2corresponding to the number received with the password, collating thenumbers N1 in the electronic document and in the password, and only ifcoincidence of numbers takes place, automatically enabling saidelectronic document; recording the electronic document to the section ofthe PROM of the personal cryptoprotective complex, intended fornon-copied electronic documents, and deleting the added numbers N1 andN2.
 67. The method according to claim 65, further comprising: adding thetemporary individual number generated by the random-number generator andan infinite value T2 of the time period, said number and value beingencrypted together with the electronic document, to the transmittableelectronic document; inputting a command to generate saidelectronic-document-transmission-acknowledgement password; generating anelectronic-document-acknowledgement password, assigning a number and avariable face value, if any, thereto, said number and variable facevalue corresponding to the temporary number and temporary face value ofthe electronic document; transmitting theelectronic-document-acknowledgement password in the encrypted formduring a cryptoprotective communication session to a certain user orkeeping said password in own personal cryptoprotective complex;disabling the electronic document for an arbitrary time period T1 in thePROM of the personal cryptoprotective complex, making copies of theelectronic document and transmitting them to other users in process ofthe cryptoprotective communication session or in an encrypted electronicletter; after the expiration of the time period T1, deleting theelectronic document from the PROM of the sender; receiving copies of theelectronic document, decrypting the electronic document, searching forand selecting service information from the decrypted information bymeans of service symbols; finding a mark that there is a copy of theelectronic document, and a temporary individual number of the presentdocument, recording the electronic document to the PROM and marking itwith the assigned temporary individual number; receiving theelectronic-document-transmission-acknowledgement password to a personalcryptoprotective complex of a user who has received the electronicdocument copy, finding said electronic document copy marked with thenumber corresponding to the number received with the password in thePROM, and if the numbers coincide, removing the mark that there is acopy from the electronic document copy, and then recording theelectronic document to the section of the PROM of the personalcryptoprotective complex, intended for non-copied electronic documentsand closed for users of the PROM, and deleting said temporary individualnumber; after the transmission of said password, deleting it from thePROM in the personal cryptoprotective complex of the sender of theelectronic-document-transmission-acknowledgement password, and if a partof the password is transmitted with a variable face value, decreasing aface value of a part of said password residuary in the PROM by the sumequal to the transmitted part.
 68. A method for simultaneouslyexchanging copy-protected electronic documents among users through acommunication link with use of a cryptoprotective complex, comprising:in a ROM of each of personal cryptoprotective complexes, storing copiesof a mother code being a set of random numbers (M1, M2, . . . , MN),encryption, decryption and information processing programs, whereinrecord is carried out in a protected way only in said personalcryptoprotective complexes, said way excluding the possibility ofrecording to other media and modifying said programs; storing anindividual number I of the personal cryptoprotective complex in the ROMas well as personal data of a user including his or her electronicsignature and other attributes used for execution of cryptoprotectiveoperations and generation of electronic documents, and setting date andtime in a built-in clock; synchronously generating a single-useencryption key on the basis of random numbers produced in the personalcryptoprotective complexes of users; synchronously generatingdynamically transformable daughter codes on the basis of the mother codeand the single-use encryption key in the personal cryptoprotectivecomplexes of users; inputting initial information to each of thepersonal cryptoprotective complexes of users; in accordance with anestablished mode of processing user's information and earlier receivedinformation, generating service information by means of the informationprocessing program and combining the service information with theprocessed user's information to obtain an electronic document, whereinattributes of the electronic document in the form of service informationare separated from the processed user's information by means ofpredetermined service symbols, and in accordance with a user's commandto generate a copy-protected electronic document, including a certaincommand in the service information as a part of the informationprocessing program for the personal cryptoprotective complexes, whereinsaid command is in the form of a typical set of symbols earlier inputtedto the ROM, and storing the obtained electronic document in a section ofthe PROM provided in the personal cryptoprotective complex and intendedfor non-copied electronic documents; in at least one of the personalcryptoprotective complexes, inputting a command for simultaneousexchanging the electronic documents, and sending said command in theform of a signal encrypted by means of the produced single-useencryption key to other personal cryptoprotective complex; in each ofthe personal cryptoprotective complexes, inputting a command to starttransmission of the non-copied electronic document recorded in the PROMto other subscriber of the established communication session; encryptingthe electronic document with a dynamically transformable daughter codewhile reading an electronic document inability-for-copying command outof the service information; establishing protection against modificationin the decrypted information and transmitting the encrypted informationto other personal cryptoprotective complex; in accordance with thecommand for simultaneous exchanging the electronic documents, and upontermination of transmission of the non-copied electronic document,disabling it for a predetermined time period T1 in the PROM of thesender; receiving the electronic document and decrypting the electronicdocument, establishing the reliability of information by check forabsence of distortions in information; searching for and selectingservice information from the decrypted information by means of servicesymbols, using the service symbols to find service informationcontaining the electronic document inability-for-copying command,recording the electronic document to the section of the PROM intendedfor non-copied electronic documents, disabling said electronic documentfor a predetermined time period T1 and outputting the obtainedelectronic document to the user for acquaintance; in the personalcryptoprotective complex of the receiving party, generating anelectronic-document-loading-acknowledgement password and transmittingsaid electronic-document-loading-acknowledgement password in theencrypted form to the personal cryptoprotective complex of the sendingparty; if the sender does not receive theelectronic-document-loading-acknowledgement password from the recipientduring the time period T1, the electronic document is enabled in thePROM of the personal cryptoprotective complex of the sender; if therecipient does not send the electronic-document-loading-acknowledgementpassword to the sender during the time period T1, deleting theelectronic document from the PROM of the personal cryptoprotectivecomplex of the recipient; receiving theelectronic-document-loading-acknowledgement in the personalcryptoprotective complex of sending party, generating anelectronic-document-transmission-acknowledgement password and requestinga user acknowledgement to send the present password to the personalcryptoprotective complex of the receiving party; in case if the userdoes not acknowledge the sending of the password during a predeterminedtime period T2, then, after the expiration of said time period,automatically enabling said electronic document in the PROM of thepersonal cryptoprotective complex of the sender, and automaticallydeleting said electronic document in the PROM of the personalcryptoprotective complex of the recipient; in case if the user gives theacknowledgement for sending the password during the time period T2,then, sending a predetermined signal in the encrypted form containinginformation of said acknowledgement to other user, and receiving thesimilar signal from said user; after the exchange of acknowledgementsignals, making synchronization according the last signal, and from themoment of sending a last bit of said signal from one of personalcryptoprotective complexes and to the moment of according receptionthereof in other personal cryptoprotective complex, starting a procedureof a simultaneous exchange of theelectronic-document-transmission-acknowledgement passwords in theencrypted form, wherein the reception of a password-containing signalfrom the opposite party is monitored in each of the personalcryptoprotective complexes, and in case of absence or interruption ofsaid signal, the transmission of own password is stopped; after thesending of the transmission-acknowledgement password, automaticallydeleting said electronic document from the PROM of the personalcryptoprotective complex of the sender, and when the recipient hasreceived the electronic-document-transmission-acknowledgement password,automatically enabling said electronic document in the PROM of thepersonal cryptoprotective complex of the recipient.
 69. The methodaccording to claim 68, further comprising: automatically introducing atime value T to the last acknowledgement signal, said value beingdifferent from a current time-reading by a time period t which value isgenerated by the random-number generator; sending the present signal toother user, and after the expiration of the signal sending time andbefore the time T comes, transmitting a random signal generated by therandom-number generator; when the time T comes, automatically stoppingtransmission of the random signal and starting simultaneous transmissionof electronic-document-transmission-acknowledgement passwords in theencrypted form, said random signal and the cryptogram of passwordshaving identical characteristics.
 70. The method according to claim 68,wherein users make an exchange of a copy of the electronic documentpreliminary signed by everyone with his or her own electronic digitalsignature, and after reception, disabling in the PROM and acquaintancewith the received electronic documents, at least one of users inputs acommand of simultaneous signing the present electronic document; asignal in the encrypted form is sent to other user, said signalcontaining information on simultaneous signing the electronic documentand being outputted to the user; after the exchange of theelectronic-document-transmission-acknowledgement passwords, there is thestep of automatically signing the electronic documents in each of thepersonal cryptoprotective complexes with the electronic digitalsignature of the user.
 71. The method according to claim 68, furthercomprising: inputting, in one of the personal cryptoprotectivecomplexes, a command to send an electronic letter at notice andinputting information, adding a number generated by the random-numbergenerator to the present information, separating said number by means ofearlier inputted service symbols and encrypting the information by saidnumber with application of a decryption password; in accordance withsaid command, recording the decryption password to the PROM of thepersonal cryptoprotective complex and marking said passwords with saidnumber; generating the electronic letter at notice from the inputtedencrypted information and the service information added thereto,separated with earlier inputted service symbols, containing the numberthat corresponds to a number of information and the decryption password,and having a command included therein and indicating that the presentinformation is an electronic letter at notice, outputting a copy of theencrypted electronic letter at notice for record to a medium;establishing a cryptoprotective communication session with a certainuser using the personal cryptoprotective complexes, and transmitting theelectronic letter at notice; receiving information; decrypting theservice information, finding the number to be recorded to the PROM, anda command that the received encrypted information is an electronicletter at notice, and outputting the present command to the user; inaccordance with said command and a command inputted by the recipient—tosend a notice on reception of said message to the sender, generating theelectronic document in the form of a preliminary inputted typical noticesheet, inputting the number to said sheet, said number corresponding toa number of the received information; and signing the present electronicdocument with an electronic signature of the user, said signaturecontaining the current date and time; sending a predetermined signal inthe encrypted form to other user, said signal containing informationthat acknowledges presence of the notice; after the sending andrespective reception of said signal, simultaneous changing theelectronic notice sheet for an electronic letter decryption password;receiving said decryption password to the personal cryptoprotectivecomplex of the recipient, using said password to decrypt informationreceived in the electronic letter at notice and outputting saidinformation to the user; receiving the electronic document being thenotice-of-reception sheet of the electronic letter at notice to thepersonal cryptoprotective complex of the sender, decrypting saidelectronic document and inputting it to the user and recording acryptogram of the notice sheet to the medium.
 72. The method accordingto claim 68, further comprising: inputting, in the personalcryptoprotective complex of the sender, a command to send an electronicletter at notice and inputting information, adding a number N generatedby the random-number generator to the present information, separatingsaid number by means of earlier inputted service symbols, inputting anindividual number I of the personal cyrptoprotective complex of theaddressee, producing a random number Z; based on the inputted number Iand the random number Z, encrypting the information, including the addedrandom number N; in accordance with said command, recording the randomnumber Z to the PROM of the personal cryptoprotective complex andmarking it with said random number N; generating the electronic letterat notice from the inputted encrypted information and serviceinformation added thereto, separated with earlier inputted servicesymbols, containing the number that corresponds to the number N ofinformation, and having a command included therein and indicating thatthe present information is an electronic letter at notice; outputting acopy of the encrypted electronic letter at notice for record to themedium; transmitting the electronic letter at notice to a node computer,establishing a cryptoprotective communication session with a nodecryptoprotective complex connected to the node computer, transmittingthe random number Z to be stored in the node cryptoprotective complex;receiving the electronic letter at notice from the node computer to thepersonal cryptoprotective complex of the addressee, decrypting theservice information, finding the number N to be recorded to the PROM,and a command that the received encrypted information is an electronicletter at notice; and outputting the present command to the user; inaccordance with said command and a command inputted by the recipient—tosend a notice on reception of said message to the sender, generating theelectronic document in the form of a preliminary inputted typical noticesheet, inputting the number N to said sheet, said number correspondingto a number of the received information; and signing the presentelectronic document with the electronic signature of the user, saidsignature containing the current date and time; sending a predeterminedsignal in the encrypted form to the node cryptoprotective complex viathe node computer, said signal containing information that acknowledgespresence of the notice; after the sending and respective reception ofsaid signal, simultaneous changing the electronic notice sheet for therandom number Z; receiving the random number Z to the personalcryptoprotective complex of the recipient, outputting the individualnumber I of the personal cryptoprotective complex and generating asingle-use decryption key of the basis of said numbers; decryptinginformation received in the electronic letter at notice and outputtingsaid information to the user; receiving the electronic document beingthe notice-of-reception sheet of the electronic letter at notice to thepersonal cryptoprotective complex of the sender from the nodecryptoprotective complex via the node computer, decrypting saidelectronic document and inputting it to the user and recording acryptogram of the notice sheet to the medium.
 73. A cassette for apersonal cryptoprotective complex, intended for protection and storageof confidential and cryptographic information, comprising: a microchipincluding a microprocessor capable of suppressing and maskingself-microradiations and creating false microradiations, a nonvolatilememory for storing encryption, decryption and information processingprograms and an individual number of a cryptoprotective device, avolatile memory being for storing a mother code and comprising abuilt-in accumulator, a protective sheath of the microchip, connected tothe accumulator and a protective sheath integrity monitor unit providingerase of information from the volatile memory at an authorized accessfrom the outside, said protective sheath consisting of three layerswherein the inner and outer layers of the protective sheath are formedwith light-reflecting surfaces faced each other, and a third,transparent layer enclosed there between, wherein the light-emittingmicrodiodes and microphotocells face to the outer light-reflectinglayer, said protective sheath integrity monitor unit being intended toset a periodicity and a radiation doze of the light-emittingmicrodiodes, to measure power absorbed by the microphotocells, tocompare the measured values to reference values, and at theirnon-coincidence to de-energize the volatile memory for destroying themother code stored therein.
 74. A cassette according to claim 73,wherein the microprocessor comprises additional parallel paths to supplysignals compensating the microradiations of own signals of themicroprocessor, and a generator for generating false microradiations ina frequency band of self-microradiations of the microprocessor.